Monitoring Paloalto firewall status by XML API

I wrote this small code for our early morning checks to see the summary of firewalls.

In order to make it working, create a read only user on Device -> Administrators. Then create your API key by following steps described here.

Enjoy!

<?php
include_once(‘header.php’); //here you have session and menu information
// 17/03/2015 Cem DOGAN
// Report all PHP errors
error_reporting(E_ALL);
// Set timezone
#date_default_timezone_set(‘Europe/Amsterdam’);

//proxy information if any. if you have proxy authentication you can enable $proxyauth here
$proxy_ext = ‘10.104.100.13:3128’;
//$proxyauth = ‘user:password’;

function Visit_pa($url,$proxy){
// echo “url : “.$url.” proxy : “.$proxy.”<br/>”;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
if ($proxy == 1){
curl_setopt($ch, CURLOPT_PROXY, $proxy_ext);
}
//curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxyauth);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
//curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_CAPATH, “./cacert.pem”);
$curl_scraped_page = curl_exec($ch);
//echo curl_error($ch).”<br/>”;
curl_close($ch);
return $curl_scraped_page;
}
// Palo Alto systems check – OVERWIEW
//this section displays general overview of PaloAlto Firewall.
//key value is your API Key generated before
$pa_status1 = Visit_pa(“https://your.nice.paloalto.url/api/?type=op&cmd=%3Cshow%3E%3Chigh-availability%3E%3Cstate%3E%3C%2Fstate%3E%3C%2Fhigh-availability%3E%3C%2Fshow%3E&key=YOUR-API-KEY-HERE”);

 

$pa_status1 = new SimpleXMLElement($pa_status1);
echo ‘<h6><u>Palo Alto ‘.$curdate.’ : </u></h6><pre>’;
echo ‘<u>PA-Model:</u> ‘.$pa_status1->result->group->{‘local-info’}->{‘platform-model’};
echo ‘<u> Management IP:</u> ‘.$pa_status1->result->group->{‘local-info’}->{‘mgmt-ip’};
echo ‘<u> State:</u> ‘.$pa_status1->result->group->{‘local-info’}->{‘state’};
echo ‘<u> Sync:</u> ‘.$pa_status1->result->group->{‘local-info’}->{‘state-sync’};
echo ‘<br/>’;
echo ‘<u>PA-Model:</u> ‘.$pa_status1->result->group->{‘peer-info’}->{‘platform-model’};
echo ‘<u> Management IP:</u> ‘.$pa_status1->result->group->{‘peer-info’}->{‘mgmt-ip’};
echo ‘<u> State:</u> ‘.$pa_status1->result->group->{‘peer-info’}->{‘state’};
echo ‘<br/>’;
echo ‘<u> Running Sync:</u> ‘.$pa_status1->result->group->{‘running-sync’};
echo ‘<br/>’;

// Palo Alto systems check – SYSTEM CRITICAL LOGS –
//this section checks PA critical logs and displays if any in defined time period.
$days_ago = 3;
$pa_days = date(“Y/m/d%20H:m:s”, ( time( ) – 86400 * $days_ago) );
$days_ago = date(“d-m-Y”, ( time( ) – 86400 * $days_ago) );

$pa_status2 = Visit_pa(“https://your.nice.paloalto.url/api/?type=log&log-type=system&query=(%20severity%20eq%20critical%20)%20and%20(%20receive_time%20geq%20%27$pa_days%27%20)&key=YOUR-API-KEY-HERE”);
$pa_status2 = new SimpleXMLElement($pa_status2);
$pa_status2 = $pa_status2->result->{‘job’};
$pa_status2 = Visit_pa(“https://your.nice.paloalto.url/api/?type=log&action=get&job-id=$pa_status2&key=YOUR-API-KEY-HERE”);
$pa_status2 = new SimpleXMLElement($pa_status2);
$pa_log_count= $pa_status2->result->log->{‘logs’}[count];
echo ‘<u>PA-log count:</u> ‘.$pa_log_count.'<br/>’;
if ($pa_log_count > 0 ) {
echo “PA-system critical logs since $days_ago<br/>”;
$pa_logs=$pa_status2->result->log->logs;
for ($i = 0; $i < $pa_log_count; $i++) {
echo “<u>Seq no: </u>”.$pa_logs->entry[$i]->seqno
.” – <u>Type: </u>”.$pa_logs->entry[$i]->type
.” – <u>Subtype: </u>”.$pa_logs->entry[$i]->subtype
.” – <u>Time: </u>”.$pa_logs->entry[$i]->time_generated
.” – <u>Event ID: </u>”.$pa_logs->entry[$i]->eventid
.” – <u>Opaque: </u>”.$pa_logs->entry[$i]->opaque.”<br/></pre>”;
}
}
else {
echo “<font color=green>No critical log(s) found on PA systems since $days_ago”.”</font></pre>”;

}

?>

Leave a Reply

Your email address will not be published. Required fields are marked *