We must monitor Palo Alto devices using the REST API. In Zenoss core we managed to do this for twenty Palo Alto datasources/datapoints
Currently, we are looking into Zabbix as a replacement for Zenoss core. We are able to collect SNMP data using Zabbix. Our next challenge is to implement several Palo Alto based API based datasources/datapoints in Zabbix.
I am hoping some of you made the same journey and have experiences/ideas you want to share.
With Zenoss core we use the following procedure:
- Retrieve an API Key
https://{HOST.IP}/api/?type=keygen&user=<user>&password=<password> - Use the API key together with endpoint URLs to get the actual XML data
Some example endpoints: - https://{HOST.IP}/api/?type=op&cmd=<show><clock></clock></show>&key=<API key from step 1>
- https://{HOST.IP}/api/?type=op&cmd=<request><support><info></info></support></request>&key=<API key from step 1>
- https://{HOST.IP}/api/?type=op&cmd=<show><vpn><ipsec-sa></ipsec-sa></vpn> </show>>&key= <API key from step 1>
- Process the XML data in modeler plugins and the collector plugins
Note that we do not assign API key values to a configuration property (zProperty). Instead, we let the datasource / plugin do this for us. We monitor 700+ Palo Alto devices for multiple customers so we need a solution where we do not have to manually set AP keys. Instead, we want “Zabbix” to do the work for us. We want to store the API keys “somewhere” where we can read it to retrieve the actual XML data. This must be possible on a per device/host basis.
We have issues we have not been able to solve yet.
- Within an item we can retrieve the API key and assign it to a ‘host inventory field’. Problem is that we cannot access that field for reading in other items.
- Instead of assigning the API key to a ‘Host inventory field’, we tried to assign the API key value to a macro. We have not found a way to do this.
- Instead of retrieving the API key in an item, we tried to use low level discovery. Here I have the same problem. We can retrieve the key but do not see how to store the API key in a macro.
Any thoughts, suggestions are appreciated.