i'm trying to monitor PAN OS bgp peer status , in PAN OS you have a limited SNMP MIB's that does not have any OID for bgp protocol or bgp peering status .

and my goal is to create a monitor through the custom REST sensor because PAN OS have access to bgp protocol or bgp peering status through the API on the appliance .

the problem is that i cant manage to figure out what and which arguments should be in the "*.template" and were to do the lookup's .

REST query :

"/api/?type=op&cmd=<show><routing><protocol><bgp><peer><peer-name>Peer-name</peer-name></peer></bgp></protocol></routing></show>"

output example for the API XML answer :

<response status="success">
	<result>
		<entry peer="Peer-name" vr="XXXXXX">
			<peer-group>peer-group-name</peer-group>
			<peer-router-id>xx.xx.xx.xx</peer-router-id>
			<remote-as>xxxxx</remote-as>
			<status>Established</status>
			<status-duration>0</status-duration>
			<password-set>yes</password-set>
			<passive>no</passive>
			<multi-hop-ttl>0</multi-hop-ttl>
			<peer-address>x.x.x.x:0</peer-address>
			<local-address>x.x.x.x:0</local-address>
			<reflector-client>not-client</reflector-client>
			<same-confederation>no</same-confederation>
			<aggregate-confed-as>yes</aggregate-confed-as>
			<peering-type>Unspecified</peering-type>
			<connect-retry-interval>0</connect-retry-interval>
			<open-delay>0</open-delay>
			<idle-hold>0</idle-hold>
			<prefix-limit>0</prefix-limit>
			<holdtime>0</holdtime>
			<holdtime-config>0</holdtime-config>
			<keepalive>0</keepalive>
			<keepalive-config>0</keepalive-config>
			<msg-update-in>0</msg-update-in>
			<msg-update-out>0</msg-update-out>
			<msg-total-in>0</msg-total-in>
			<msg-total-out>0</msg-total-out>
			<last-update-age>0</last-update-age>
			<last-error>Cease (6) : connection rejected (5)</last-error>
			<status-flap-counts>0</status-flap-counts>
			<established-counts>0</established-counts>
			<ORF-entry-received>0</ORF-entry-received>
			<nexthop-self>no</nexthop-self>
			<nexthop-thirdparty>yes</nexthop-thirdparty>
			<nexthop-peer>no</nexthop-peer>
			<config>
				<remove-private-as>yes</remove-private-as>
			</config>
			<peer-capability>
				<list>
					<capability>Multiprotocol Extensions(1)</capability>
					<value>xxxxxx</value>
				</list>
				<list>
					<capability>Route Refresh(2)</capability>
					<value>yes</value>
				</list>
				<list>
					<capability>Graceful Restart(64)</capability>
					<value>xxxxx</value>
				</list>
				<list>
					<capability>4-Byte AS Number(65)</capability>
					<value>xxxxx</value>
				</list>
				<list>
					<capability>Route Refresh (Cisco)(128)</capability>
					<value>yes</value>
				</list>
			</peer-capability>
			<prefix-counter>
				<entry afi-safi="xxxxxxxxxx">
					<incoming-total>xxxx</incoming-total>
					<incoming-accepted>xxxx</incoming-accepted>
					<incoming-rejected>0</incoming-rejected>
					<outgoing-total>0</outgoing-total>
					<outgoing-advertised>0</outgoing-advertised>
				</entry>
			</prefix-counter>
		</entry>
	</result>
</response>

i want to get the peer name ,peer group name ,bgp status and bgp peer adreess from that output .

  • bgp-peer-name -
    • <entry peer="peer-name" vr="XXXXXX">
  • bgp-peer-group-name -
    • <peer-group>peer-group-name</peer-group>
  • bgp-status -
    • <status>Established</status>
  • bgp-peer-address -
    • <peer-address>X.X.X.X:XXX</peer-address>

i understand that i need to do some lookup's for "translating" the text arguments to numerical like the peer and peer group names and the bgp status .

i appreciate any help regarding that issue.

thx Dor.

Article Comments

Hello Dor,
thank you for your inquiry.

Nice find in the Palo Alto API. As for translating (converting the text to a value), the process is essentially:

  1. The XML contains the string, for instance: Established
  2. In the Rest Custom sensor a function lookup(string, string, string, ...) converts the string to a numerical value.
  3. In PRTG, you associated a regular lookup to the channel, to once more transform the numerical value to a string/state.

This function (as well as other supported functions) are described in the sensor's manual page:

The reason why this is needed, is that channels cannot contain strings, only numerical values are accepted. Depending on the amount of peers that you have (If less than 50) you could create one channel per peer, with the corresponding lookup state.

Please keep in mind however, that properties like <peer-address>, <peer-group> or <entry peer>(name) must either be a channel name, or a message. These are not numerical values (I would also not advise converting them using the lookup function.

If you need some inspiration, please refer to these examples:

You can also check the standard templates included with PRTG, which are available in the following folder on the PRTG Server:

C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\rest\

Best Regards,
Luciano Lingnau [Paessler Support]


Jun, 2018 - Permalink

Dor,

Were you ever able to get this working? Attempting to do the same and running into roadblocks.


Dec, 2018 - Permalink

Hi Jonny,

Have you checked Luciano's answer?
Please share some more details into what issues you exactly run, what is not working and what you have tried so far so we can figure this out.

Best regards.


Dec, 2018 - Permalink