A TIG stack for monitoring Palo Alto Networks firewalls.
This docker-compose.yml file implements a TIG stack (Telegraf, InfluxDB, and Grafana) used for monitoring Palo Alto Networks NGFW devices via SNMP and trending the results in a Grafana dashboard.
- One or more Palo Alto Networks NGFW devices running PAN-OS 10.0 or greater
- Docker engine 20.10.6 or greater
- Clone this repository onto a Docker server and then
cdinto the repository directory. - Edit the file
telegraf/config/panos.confand add a list of firewall IP addresses to monitor in the section[inputs.snmp]and define the SNMP community string that will be used. - Ensure that SNMP is enabled on your firewall management interfaces and that an SNMP community string is defined and matches the one in the configuration file.
- Run the command
docker-compose up -dto start the deployment. - Access the Grafana server at http://localhost:3000.
- Log into the Grafana server (admin/admin) and access the PAN-OS dashboard at Dashboards > Manage > Network > Palo Alto Networks Firewalls.
- Thanks to Victor Brahana (vbarahona)for the Grafana dashboard and telegraf configs located at https://github.com/vbarahona/Panos2Grafana and distributed on Grafana Labs.