Documentation ¶
Overview ¶
Package panos interacts with Palo Alto and Panorama devices using the XML API.
Index ¶
- type AuthMethod
- type BlockedWebsite
- type CPULoadAverageEntryData
- type CPULoadByGroupData
- type CPULoadMaximumEntryData
- type DataProcessorResourceUtilData
- type DataProcessorsResourceUtilResponse
- type Destination
- type DeviceGroupEntry
- type DeviceGroupResponse
- type GlobalCounterEntries
- type GlobalCounterEntryData
- type GlobalCounterResponse
- type GlobalCounters
- type Hw
- type HwCounters
- type HwEntry
- type HwEntryData
- type Ifnet
- type IfnetCounters
- type IfnetEntry
- type IfnetEntryData
- type InterfaceCounterResponse
- type InterfaceResponse
- type LogContentResponse
- type LogEntry
- type LogEntryData
- type LogJobAttr
- type LogRetrieveJobCreateResponse
- type ManagementInterfaceInfo
- type ManagementInterfaceResponse
- type PaloAlto
- func (p *PaloAlto) CreateLogRetrieveJob(ctx context.Context) (jobID string, err error)
- func (p *PaloAlto) GetDataProcessorsResourceUtilData(ctx context.Context) (DataProcessorsResourceUtilResponse, error)
- func (p *PaloAlto) GetDeviceGroupNames(ctx context.Context) ([]string, error)
- func (p *PaloAlto) GetGlobalCounterData(ctx context.Context) (GlobalCounterResponse, error)
- func (p *PaloAlto) GetInterfaceCounterData(ctx context.Context) (InterfaceCounterResponse, error)
- func (p *PaloAlto) GetInterfaceData(ctx context.Context) (InterfaceResponse, error)
- func (p *PaloAlto) GetManagementInterfaceInfo(ctx context.Context) (ManagementInterfaceResponse, error)
- func (p *PaloAlto) GetRuleUsage(ctx context.Context, deviceGroup string, rulebaseName string) (RuleHitCountResponse, error)
- func (p *PaloAlto) GetSessionInfo(ctx context.Context) (SessionInfoResponse, error)
- func (p *PaloAlto) GetSystemsResourceUtilData(ctx context.Context) (SystemResourceUtilResponse, error)
- func (p *PaloAlto) GetTopBlockedWebsites(ctx context.Context) (TopBlockedWebsitesReport, error)
- func (p *PaloAlto) GetTopDestinations(ctx context.Context) (TopDestinationsReport, error)
- func (p *PaloAlto) GetTopSources(ctx context.Context) (TopSourcesReport, error)
- func (p *PaloAlto) RetrieveLogContent(ctx context.Context) (LogContentResponse, error)
- type ResourceUtilizationEntryData
- type RuleEntry
- type RuleHitCountResponse
- type SessionInfo
- type SessionInfoResponse
- type Source
- type SystemResourceUtilResponse
- type TopBlockedWebsitesReport
- type TopDestinationsReport
- type TopSourcesReport
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthMethod ¶
AuthMethod defines how we want to authenticate to the device. If using a username and password to authenticate, the Credentials field must contain the username and password, in that order (e.g. []string{"admin", "password"}). If you are using the API key for authentication, provide the entire key in the APIKey field.
type BlockedWebsite ¶
type CPULoadAverageEntryData ¶
type CPULoadByGroupData ¶
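// CPULoadByGroupData carries the children of the <task> element of a
// data-processor resource-monitor reply, one field per task group. Every value
// is kept as the raw string returned by the device.
type CPULoadByGroupData struct {
	Pktlog_forwarding string `xml:"pktlog_forwarding,omitempty"`
	Flow_lookup       string `xml:"flow_lookup,omitempty"`
	Flow_fastpath     string `xml:"flow_fastpath,omitempty"`
	Flow_np           string `xml:"flow_np,omitempty"`
	Aho_result        string `xml:"aho_result,omitempty"`
	Zip_result        string `xml:"zip_result,omitempty"`
	Flow_host         string `xml:"flow_host,omitempty"`
	Flow_forwarding   string `xml:"flow_forwarding,omitempty"`
	Module_internal   string `xml:"module_internal,omitempty"`
	Flow_ctrl         string `xml:"flow_ctrl,omitempty"`
	Lwm               string `xml:"lwm,omitempty"`
	Flow_slowpath     string `xml:"flow_slowpath,omitempty"`
	Dfa_result        string `xml:"dfa_result,omitempty"`
	Nac_result        string `xml:"nac_result,omitempty"`

	// Struct tag values must be double-quoted. With any other quoting the tag
	// is not recognised, encoding/xml falls back to the Go field name, and
	// <flow_mgmt> is never decoded because XML names are case-sensitive.
	Flow_mgmt string `xml:"flow_mgmt,omitempty"`
}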
type CPULoadMaximumEntryData ¶
type DataProcessorResourceUtilData ¶
// DataProcessorResourceUtilData groups the four sections decoded from one
// resource-monitor sample: average CPU load, CPU load by task group, maximum
// CPU load and resource utilization.
type DataProcessorResourceUtilData struct {
	// One element per <entry> under <cpu-load-average>.
	CPULoadAverage []*CPULoadAverageEntryData `xml:"cpu-load-average>entry"`

	// Decoded from <task>. Being a pointer, it stays nil when the reply has no
	// <task> element, so check it before dereferencing.
	CPULoadByGroup *CPULoadByGroupData `xml:"task"`

	// One element per <entry> under <cpu-load-maximum>.
	CPULoadMaximum []*CPULoadMaximumEntryData `xml:"cpu-load-maximum>entry"`

	// One element per <entry> under <resource-utilization>.
	ResourceUtilization []*ResourceUtilizationEntryData `xml:"resource-utilization>entry"`
}
type DataProcessorsResourceUtilResponse ¶
// DataProcessorsResourceUtilResponse is the decoded <response> envelope of a
// resource-monitor request.
type DataProcessorsResourceUtilResponse struct {
	XMLName xml.Name `xml:"response"`

	// Status is the "status" attribute of <response>.
	// NOTE(review): callers presumably need to check it before trusting Result.
	Status string `xml:"status,attr"`

	Result struct {
		// The path is fixed to data processor "dp0" and the "second" interval;
		// anything the device reports under another data processor or interval
		// is not decoded.
		DataProcessorsResourceUtil DataProcessorResourceUtilData `xml:"resource-monitor>data-processors>dp0>second"`
	} `xml:"result"`
}
In most cases the system has only one data processor, and the "second" interval is used to grab the resource utilization data.
type Destination ¶
type DeviceGroupEntry ¶
// DeviceGroupEntry is one device-group <entry>; only its "name" attribute is
// decoded.
type DeviceGroupEntry struct {
	// Name is taken from the entry's name attribute, not from a child element.
	Name string `xml:"name,attr"`
}
type DeviceGroupResponse ¶
// DeviceGroupResponse is the decoded <response> envelope that lists device
// groups.
type DeviceGroupResponse struct {
	XMLName xml.Name `xml:"response"`

	// Status and Code are attributes of the <response> element.
	Status string `xml:"status,attr"`
	Code   string `xml:"code,attr"`

	Result struct {
		// One element per <entry> under <devicegroups>.
		Devicegroups []DeviceGroupEntry `xml:"devicegroups>entry,omitempty"`
	} `xml:"result"`
}
type GlobalCounterEntries ¶
// GlobalCounterEntries is the list wrapper around the global-counter <entry>
// elements.
type GlobalCounterEntries struct {
	// One element per <entry> child.
	GlobalCounterEntriesData []GlobalCounterEntryData `xml:"entry"`
}
type GlobalCounterEntryData ¶
type GlobalCounterResponse ¶
type GlobalCounters ¶
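// GlobalCounters holds the <counters> list of a global-counter reply together
// with the numeric <t> value that accompanies it.
type GlobalCounters struct {
	GlobalCountersData GlobalCounterEntries `xml:"counters,omitempty"`

	// A struct tag must have the form key:"value". Without the quotes the tag
	// is not recognised, encoding/xml falls back to the Go field name "T", and
	// a lowercase <t> element is never decoded.
	// NOTE(review): "t" is taken from the unquoted tag text; confirm the
	// element name against a device reply.
	T float64 `xml:"t"`
}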
type HwCounters ¶
// HwCounters is the list wrapper around the hardware-counter <entry> elements.
type HwCounters struct {
	// One element per <entry> child.
	HwCountersData []HwEntryData `xml:"entry"`
}
type HwEntryData ¶
// HwEntryData is one hardware-counter <entry>: the interface name plus its
// counters. Counters are decoded as float64.
type HwEntryData struct {
	// Direct children of <entry>.
	Obytes   float64 `xml:"obytes"`
	Name     string  `xml:"name"`
	Idrops   float64 `xml:"idrops"`
	Ipackets float64 `xml:"ipackets"`
	Opackets float64 `xml:"opackets"`
	Ierrors  float64 `xml:"ierrors"`
	Ibytes   float64 `xml:"ibytes"`

	// Children of the nested <port> element.
	Tx_Unicast   float64 `xml:"port>tx-unicast"`
	Tx_Multicast float64 `xml:"port>tx-multicast"`
	Rx_Broadcast float64 `xml:"port>rx-broadcast"`
	Rx_Unicast   float64 `xml:"port>rx-unicast"`
	Rx_Multicast float64 `xml:"port>rx-multicast"`
	Rx_Bytes     float64 `xml:"port>rx-bytes"`
	Tx_Broadcast float64 `xml:"port>tx-broadcast"`
	Tx_Bytes     float64 `xml:"port>tx-bytes"`
}
type Ifnet ¶
// Ifnet is the list wrapper around the interface <entry> elements.
type Ifnet struct {
	// One element per <entry> child.
	IfnetEntries []IfnetEntry `xml:"entry"`
}
type IfnetCounters ¶
// IfnetCounters is the list wrapper around the logical-interface counter
// <entry> elements.
type IfnetCounters struct {
	// One element per <entry> child.
	IfnetCountersData []IfnetEntryData `xml:"entry"`
}
type IfnetEntry ¶
type IfnetEntryData ¶
// IfnetEntryData is one logical-interface counter <entry>: the interface name
// plus its counters, decoded as float64.
//
// NOTE(review): several names (macspoof, ipspoof, teardrop, land, pod) look
// like per-interface counts of packets dropped by packet-based protections;
// confirm against the PAN-OS counter reference before alerting on them.
type IfnetEntryData struct {
	Icmp_Frag  float64 `xml:"icmp_frag"`
	Ifwderrors float64 `xml:"ifwderrors"`
	Ierrors    float64 `xml:"ierrors"`
	Macspoof   float64 `xml:"macspoof"`
	Pod        float64 `xml:"pod"`
	Flowstate  float64 `xml:"flowstate"`
	Ipspoof    float64 `xml:"ipspoof"`
	Teardrop   float64 `xml:"teardrop"`
	Ibytes     float64 `xml:"ibytes"`
	Noarp      float64 `xml:"noarp"`
	Sctp_Conn  float64 `xml:"sctp_conn"`
	Noroute    float64 `xml:"noroute"`
	Noneigh    float64 `xml:"noneigh"`
	Nomac      float64 `xml:"nomac"`
	L2_Encap   float64 `xml:"l2_encap"`
	Zonechange float64 `xml:"zonechange"`
	Other_Conn float64 `xml:"other_conn"`
	Obytes     float64 `xml:"obytes"`
	Land       float64 `xml:"land"`
	Name       string  `xml:"name"`
	Tcp_Conn   float64 `xml:"tcp_conn"`
	Neighpend  float64 `xml:"neighpend"`
	Ipackets   float64 `xml:"ipackets"`
	Opackets   float64 `xml:"opackets"`
	L2_Decap   float64 `xml:"l2_decap"`
	Udp_Conn   float64 `xml:"udp_conn"`
	Idrops     float64 `xml:"idrops"`
}
type InterfaceCounterResponse ¶
// InterfaceCounterResponse is the decoded <response> envelope of an
// interface-counter request.
type InterfaceCounterResponse struct {
	XMLName xml.Name `xml:"response"`

	// Status and Code are attributes of the <response> element.
	Status string `xml:"status,attr"`
	Code   string `xml:"code,attr"`

	Result struct {
		// Logical-interface counters, found under <ifnet><ifnet>.
		IfnetCounter IfnetCounters `xml:"ifnet>ifnet,omitempty"`
		// Hardware counters, found under <hw>.
		HwCounter HwCounters `xml:"hw,omitempty"`
	} `xml:"result"`
}
type InterfaceResponse ¶
type LogContentResponse ¶
type LogEntry ¶
// LogEntry wraps the <entry> element of a retrieved log.
type LogEntry struct {
	// NOTE(review): this is a single value, not a slice, so a reply carrying
	// several <entry> elements cannot be kept in full. Confirm how callers
	// page through the log.
	EntryData LogEntryData `xml:"entry"`
}
type LogEntryData ¶
// LogEntryData is one decoded log <entry>. Every field maps to the child
// element named in its tag; fields absent from the reply keep their zero value.
//
// The groups below follow the field names only. Check exact semantics against
// the PAN-OS log field reference.
//
// NOTE(review): encoding/xml decodes the bool fields with strconv.ParseBool, so
// a value such as "yes" or "no" makes Unmarshal fail. Confirm what the device
// emits for the flag elements.
type LogEntryData struct {
	// Record header.
	Domain           string `xml:"domain,omitempty"`
	ReceiveTime      string `xml:"receive_time,omitempty"`
	Serial           string `xml:"serial,omitempty"`
	Seqno            string `xml:"seqno,omitempty"`
	ActionFlags      string `xml:"actionflags,omitempty"`
	IsLoggingService bool   `xml:"is-logging-service,omitempty"`
	Type             string `xml:"type,omitempty"`
	Subtype          string `xml:"subtype,omitempty"`
	ConfigVer        string `xml:"config_ver,omitempty"`
	TimeGenerated    string `xml:"time_generated,omitempty"`

	// Endpoints, matched rule, zones, interfaces and ports. All are kept as
	// strings, including the port numbers.
	SRC          string `xml:"src,omitempty"`
	DST          string `xml:"dst,omitempty"`
	Rule         string `xml:"rule,omitempty"`
	SRCLoc       string `xml:"srcloc,omitempty"`
	DSTLoc       string `xml:"dstloc,omitempty"`
	App          string `xml:"app,omitempty"`
	Vsys         string `xml:"vsys,omitempty"`
	From         string `xml:"from,omitempty"`
	To           string `xml:"to,omitempty"`
	InboundIF    string `xml:"inbound_if,omitempty"`
	OutboundIF   string `xml:"outbound_if,omitempty"`
	LogSet       string `xml:"logset,omitempty"`
	TimeReceived string `xml:"time_received,omitempty"`
	SessionID    string `xml:"sessionid,omitempty"`
	Repeatcnt    string `xml:"repeatcnt,omitempty"`
	Sport        string `xml:"sport,omitempty"`
	Dport        string `xml:"dport,omitempty"`
	NatsPort     string `xml:"natsport,omitempty"`
	NatdPort     string `xml:"natdport,omitempty"`
	Flags        string `xml:"flags,omitempty"`

	// Individual flag elements.
	FlagPcap            bool `xml:"flag-pcap,omitempty"`
	FlagFlagged         bool `xml:"flag-flagged,omitempty"`
	FlagProxy           bool `xml:"flag-proxy,omitempty"`
	FlagUrlDenied       bool `xml:"flag-url-denied,omitempty"`
	FlagNat             bool `xml:"flag-nat,omitempty"`
	CaptivePortal       bool `xml:"captive-portal,omitempty"`
	NonStdDport         bool `xml:"non-std-dport,omitempty"`
	Transaction         bool `xml:"transaction,omitempty"`
	PbfC2s              bool `xml:"pbf-c2s,omitempty"`
	PbfS2c              bool `xml:"pbf-s2c,omitempty"`
	TemporaryMatch      bool `xml:"temporary-match,omitempty"`
	SymReturn           bool `xml:"sym-return,omitempty"`
	DecryptMirror       bool `xml:"decrypt-mirror,omitempty"`
	CredentialDetected  bool `xml:"credential-detected,omitempty"`
	FlagMptcpSet        bool `xml:"flag-mptcp-set,omitempty"`
	FlagTunnelInspected bool `xml:"flag-tunnel-inspected,omitempty"`
	FlagReconExcluded   bool `xml:"flag-recon-excluded,omitempty"`
	FlagWfChannel       bool `xml:"flag-wf-channel,omitempty"`

	// Protocol, action and device-group hierarchy.
	Proto           string `xml:"proto,omitempty"`
	Action          string `xml:"action,omitempty"`
	Tunnel          string `xml:"tunnel,omitempty"`
	Tpadding        string `xml:"tpadding,omitempty"`
	Cpadding        string `xml:"cpadding,omitempty"`
	DgHierLevel1    string `xml:"dg_hier_level_1,omitempty"`
	DgHierLevel2    string `xml:"dg_hier_level_2,omitempty"`
	DgHierLevel3    string `xml:"dg_hier_level_3,omitempty"`
	DgHierLevel4    string `xml:"dg_hier_level_4,omitempty"`
	Device_name     string `xml:"device_name,omitempty"`
	VsysID          string `xml:"vsys_id,omitempty"`
	TunnelidImsi    string `xml:"tunnelid_imsi,omitempty"`
	ParentSessionID string `xml:"parent_session_id,omitempty"`

	// Threat details and mobile-network identifiers.
	// NOTE(review): Imsi and Imei look like subscriber and device identifiers;
	// treat decoded entries as sensitive when storing or forwarding them.
	ThreatID    string `xml:"threatid,omitempty"`
	Tid         string `xml:"tid,omitempty"`
	ReportID    string `xml:"reportid,omitempty"`
	Category    string `xml:"category,omitempty"`
	Severity    string `xml:"severity,omitempty"`
	Direction   string `xml:"direction,omitempty"`
	UrlIdx      string `xml:"url_idx,omitempty"`
	Padding     string `xml:"padding,omitempty"`
	PcapID      string `xml:"pcap_id,omitempty"`
	Contentver  string `xml:"contentver,omitempty"`
	SigFlags    string `xml:"sig_flags,omitempty"`
	ThrCategory string `xml:"thr_category,omitempty"`
	AssocID     string `xml:"assoc_id,omitempty"`
	PPID        string `xml:"ppid,omitempty"`
	Misc        string `xml:"misc,omitempty"`
	TunnelID    string `xml:"tunnelid,omitempty"`
	Imsi        string `xml:"imsi,omitempty"`
	MonitorTag  string `xml:"monitortag,omitempty"`
	Imei        string `xml:"imei,omitempty"`
}
type LogJobAttr ¶
type ManagementInterfaceInfo ¶
// ManagementInterfaceInfo is the decoded <info> element describing the
// management interface. Every value is kept as the raw string from the reply.
type ManagementInterfaceInfo struct {
	Gw      string `xml:"gw"`
	Name    string `xml:"name"`
	Duplex  string `xml:"duplex"`
	Ip      string `xml:"ip"`
	StateC  string `xml:"state_c"`
	Ipv6gw  string `xml:"ipv6gw"`
	Netmask string `xml:"netmask"`
	Hwaddr  string `xml:"hwaddr"`
	State   string `xml:"state"`
	DuplexC string `xml:"duplex_c"`
	Ipv6ll  string `xml:"ipv6ll"`
	Ipv6    string `xml:"ipv6"`
	SpeedC  string `xml:"speed_c"`
	Speed   string `xml:"speed"`
}
type ManagementInterfaceResponse ¶
// ManagementInterfaceResponse is the decoded <response> envelope of a
// management-interface request.
type ManagementInterfaceResponse struct {
	XMLName xml.Name `xml:"response"`

	// Status and Code are attributes of the <response> element.
	Status string `xml:"status,attr"`
	Code   string `xml:"code,attr"`

	Result struct {
		// Decoded from the <info> child of <result>.
		Info ManagementInterfaceInfo `xml:"info,omitempty"`
	} `xml:"result"`
}
type PaloAlto ¶
// PaloAlto is the session container: the connection settings plus the device
// details collected after a successful connection.
type PaloAlto struct {
	// Connection settings.
	//
	// NOTE(review): Key presumably holds the API key used for requests. It is
	// an exported plain string, so formatting the struct with %+v or
	// serialising it would include the key; keep this value out of logs.
	Host string
	Key  string
	URI  string

	// Device identity.
	Platform        string
	Model           string
	Serial          string
	SoftwareVersion string
	DeviceType      string
	Panorama        bool

	// Management addressing and clock.
	IPAddress      string
	Netmask        string
	DefaultGateway string
	MACAddress     string
	Time           string
	Uptime         string

	// GlobalProtect package and data-file versions.
	GPClientPackageVersion     string
	GPDatafileVersion          string
	GPDatafileReleaseDate      string
	GPClientlessVPNVersion     string
	GPClientlessVPNReleaseDate string

	// Content versions and release dates.
	AppVersion           string
	AppReleaseDate       string
	AntiVirusVersion     string
	AntiVirusReleaseDate string
	ThreatVersion        string
	ThreatReleaseDate    string
	WildfireVersion      string
	WildfireReleaseDate  string
	URLDB                string
	URLFilteringVersion  string
	LogDBVersion         string

	// Operating mode.
	MultiVsys       string
	OperationalMode string
}
PaloAlto is a container for our session state. It also holds information about the device that is gathered upon a successful connection to it.
func NewPanosClient ¶
func NewPanosClient(host string, authmethod *AuthMethod) (*PaloAlto, error)
NewPanosClient sets up our connection to the Palo Alto firewall or Panorama device. The authmethod parameter selects one of two ways of authenticating to the device: a username and password, or an API key that you have already generated. Please see the documentation for the AuthMethod struct for further details.
func (*PaloAlto) CreateLogRetrieveJob ¶
func (*PaloAlto) GetDataProcessorsResourceUtilData ¶
func (p *PaloAlto) GetDataProcessorsResourceUtilData(ctx context.Context) (DataProcessorsResourceUtilResponse, error)
func (*PaloAlto) GetDeviceGroupNames ¶
func (*PaloAlto) GetGlobalCounterData ¶
func (p *PaloAlto) GetGlobalCounterData(ctx context.Context) (GlobalCounterResponse, error)
func (*PaloAlto) GetInterfaceCounterData ¶
func (p *PaloAlto) GetInterfaceCounterData(ctx context.Context) (InterfaceCounterResponse, error)
func (*PaloAlto) GetInterfaceData ¶
func (p *PaloAlto) GetInterfaceData(ctx context.Context) (InterfaceResponse, error)
func (*PaloAlto) GetManagementInterfaceInfo ¶
func (p *PaloAlto) GetManagementInterfaceInfo(ctx context.Context) (ManagementInterfaceResponse, error)
func (*PaloAlto) GetRuleUsage ¶
func (*PaloAlto) GetSessionInfo ¶
func (p *PaloAlto) GetSessionInfo(ctx context.Context) (SessionInfoResponse, error)
func (*PaloAlto) GetSystemsResourceUtilData ¶
func (p *PaloAlto) GetSystemsResourceUtilData(ctx context.Context) (SystemResourceUtilResponse, error)
func (*PaloAlto) GetTopBlockedWebsites ¶
func (p *PaloAlto) GetTopBlockedWebsites(ctx context.Context) (TopBlockedWebsitesReport, error)
func (*PaloAlto) GetTopDestinations ¶
func (p *PaloAlto) GetTopDestinations(ctx context.Context) (TopDestinationsReport, error)
func (*PaloAlto) GetTopSources ¶
func (p *PaloAlto) GetTopSources(ctx context.Context) (TopSourcesReport, error)
func (*PaloAlto) RetrieveLogContent ¶
func (p *PaloAlto) RetrieveLogContent(ctx context.Context) (LogContentResponse, error)
type RuleHitCountResponse ¶
type SessionInfo ¶
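// SessionInfo is the decoded <result> of a session-info request: session
// counts, rates, timeouts and feature switches. Numeric elements are decoded as
// int and switches as bool.
//
// NOTE(review): encoding/xml decodes the bool fields with strconv.ParseBool and
// the int fields as base-10 integers; a value outside those formats makes
// Unmarshal fail. Confirm what the device emits.
type SessionInfo struct {
	TmoSctpshutdown     int  `xml:"tmo-sctpshutdown"`
	TcpNonsynRej        bool `xml:"tcp-nonsyn-rej"`
	TmoTcpinit          int  `xml:"tmo-tcpinit"`
	TmoTcp              int  `xml:"tmo-tcp"`
	Pps                 int  `xml:"pps"`
	TmoTcpDelayedAck    int  `xml:"tmo-tcp-delayed-ack"`
	NumMax              int  `xml:"num-max"`
	AgeScanThresh       int  `xml:"age-scan-thresh"`
	TmoTcphalfclosed    int  `xml:"tmo-tcphalfclosed"`
	NumActive           int  `xml:"num-active"`
	TmoSctp             int  `xml:"tmo-sctp"`
	DisDef              int  `xml:"dis-def"`
	NumMcast            int  `xml:"num-mcast"`
	IcmpUnreachableRate int  `xml:"icmp-unreachable-rate"`
	TmoTcptimewait      int  `xml:"tmo-tcptimewait"`
	AgeScanSsf          int  `xml:"age-scan-ssf"`
	TmoUdp              int  `xml:"tmo-udp"`
	VardataRate         int  `xml:"vardata-rate"`
	AgeScanTmo          int  `xml:"age-scan-tmo"`
	DisSctp             int  `xml:"dis-sctp"`

	// These two tags were "</dp" and "s-tcp", which match no element, so both
	// fields always stayed at their zero value. "dp" and "dis-tcp" follow the
	// neighbouring dis-def, dis-sctp and dis-udp tags.
	// NOTE(review): confirm both element names against a device reply.
	Dp     string `xml:"dp"`
	DisTcp int    `xml:"dis-tcp"`

	TcpRejectSiwThresh int    `xml:"tcp-reject-siw-thresh"`
	NumUdp             int    `xml:"num-udp"`
	TmoIcmp            int    `xml:"tmo-icmp"`
	MaxPendingMcast    int    `xml:"max-pending-mcast"`
	AgeAccelThresh     int    `xml:"age-accel-thresh"`
	TcpDiffSynRej      bool   `xml:"tcp-diff-syn-rej"`
	NumGtpc            int    `xml:"num-gtpc"`
	OorAction          string `xml:"oor-action"`
	TmoDef             int    `xml:"tmo-def"`
	NumPredict         int    `xml:"num-predict"`
	AgeAccelEn         bool   `xml:"age-accel-en"`
	AgeAccelTsf        int    `xml:"age-accel-tsf"`
	HwOffload          bool   `xml:"hw-offload"`
	NumIcmp            int    `xml:"num-icmp"`
	NumGtpuActive      int    `xml:"num-gtpu-active"`
	TmoCp              int    `xml:"tmo-cp"`
	TcpStrictRst       bool   `xml:"tcp-strict-rst"`
	TmoSctpinit        int    `xml:"tmo-sctpinit"`
	StrictChecksum     bool   `xml:"strict-checksum"`
	TmoTcpUnverifRst   int    `xml:"tmo-tcp-unverif-rst"`
	NumBcast           int    `xml:"num-bcast"`
	Ipv6Fw             bool   `xml:"ipv6-fw"`
	Cps                int    `xml:"cps"`
	NumInstalled       int    `xml:"num-installed"`
	NumTcp             int    `xml:"num-tcp"`
	DisUdp             int    `xml:"dis-udp"`
	NumSctpAssoc       int    `xml:"num-sctp-assoc"`
	NumSctpSess        int    `xml:"num-sctp-sess"`
	TcpRejectSiwEnable bool   `xml:"tcp-reject-siw-enable"`
	TmoTcphandshake    int    `xml:"tmo-tcphandshake"`
	HwUdpOffload       bool   `xml:"hw-udp-offload"`
	Kbps               int    `xml:"kbps"`
	NumGtpuPending     int    `xml:"num-gtpu-pending"`
}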
type SessionInfoResponse ¶
// SessionInfoResponse is the decoded <response> envelope of a session-info
// request.
type SessionInfoResponse struct {
	XMLName xml.Name `xml:"response"`

	// Status is the "status" attribute of <response>.
	Status string `xml:"status,attr"`

	// SessionInfo is decoded directly from the <result> element.
	SessionInfo SessionInfo `xml:"result"`
}
type SystemResourceUtilResponse ¶
// SystemResourceUtilResponse is the decoded <response> envelope of a system
// resource request. The <result> content is kept as one unparsed string.
type SystemResourceUtilResponse struct {
	XMLName xml.Name `xml:"response"`

	// Status is the "status" attribute of <response>.
	Status string `xml:"status,attr"`

	// Result is the character data of <result>, left for the caller to parse.
	Result string `xml:"result"`
}
In most cases the system has only one data processor, and the "second" interval is used to grab the resource utilization data.
type TopBlockedWebsitesReport ¶
// TopBlockedWebsitesReport is the decoded <report> document for the
// top-blocked-websites report.
type TopBlockedWebsitesReport struct {
	XMLName xml.Name `xml:"report"`

	// Name and LogType come from the reportname and logtype attributes.
	Name    string `xml:"reportname,attr"`
	LogType string `xml:"logtype,attr"`

	Result struct {
		// One element per <entry> under <result>.
		BlockedWebsites []BlockedWebsite `xml:"entry,omitempty"`
	} `xml:"result"`
}
type TopDestinationsReport ¶
// TopDestinationsReport is the decoded <report> document for the
// top-destinations report.
type TopDestinationsReport struct {
	XMLName xml.Name `xml:"report"`

	// Name and LogType come from the reportname and logtype attributes.
	Name    string `xml:"reportname,attr"`
	LogType string `xml:"logtype,attr"`

	Result struct {
		// One element per <entry> under <result>.
		Destinations []Destination `xml:"entry,omitempty"`
	} `xml:"result"`
}