Got it working by manually counting the number of the entry up.
The template I used:
{
"prtg": {
"description" : {
"device": "DEVICE",
"query": "/api/?type=op&cmd=<show><running><tunnel><flow><all></all></flow></tunnel></running></show>&key=MYAPIKEY",
"comment": "COMMENT"
},
"result": [
{
"channel": $..IPSec.entry[0].name ,
"value": $..IPSec.entry[0].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[1].name ,
"value": $..IPSec.entry[1].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[2].name ,
"value": $..IPSec.entry[2].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[3].name ,
"value": $..IPSec.entry[3].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[4].name ,
"value": $..IPSec.entry[4].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[5].name ,
"value": $..IPSec.entry[5].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[6].name ,
"value": $..IPSec.entry[6].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[7].name ,
"value": $..IPSec.entry[7].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[8].name ,
"value": $..IPSec.entry[8].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[9].name ,
"value": $..IPSec.entry[9].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[10].name ,
"value": $..IPSec.entry[10].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[11].name ,
"value": $..IPSec.entry[11].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[12].name ,
"value": $..IPSec.entry[12].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[13].name ,
"value": $..IPSec.entry[13].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[14].name ,
"value": $..IPSec.entry[14].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[15].name ,
"value": $..IPSec.entry[15].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[16].name ,
"value": $..IPSec.entry[16].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[17].name ,
"value": $..IPSec.entry[17].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[18].name ,
"value": $..IPSec.entry[18].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[19].name ,
"value": $..IPSec.entry[19].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[20].name ,
"value": $..IPSec.entry[20].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[21].name ,
"value": $..IPSec.entry[21].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[22].name ,
"value": $..IPSec.entry[22].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[23].name ,
"value": $..IPSec.entry[23].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[24].name ,
"value": $..IPSec.entry[24].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[25].name ,
"value": $..IPSec.entry[25].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[26].name ,
"value": $..IPSec.entry[26].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[27].name ,
"value": $..IPSec.entry[27].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[28].name ,
"value": $..IPSec.entry[28].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
{
"channel": $..IPSec.entry[29].name ,
"value": $..IPSec.entry[29].state(lookup(@, 'active', 'init', 'inactive')) ,
"ValueLookup": "prtg.customlookup.ipsec.state"
},
]
}
}
The lookup I used:
<?xml version="1.0" encoding="UTF-8"?>
<ValueLookup id="prtg.customlookup.ipsec.state" desiredValue="0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="PaeValueLookup.xsd">
<Lookups>
<SingleInt state="Ok" value="0">
Active
</SingleInt>
<SingleInt state="Error" value="1">
Init
</SingleInt>
<SingleInt state="Error" value="2">
Inactive
</SingleInt>
</Lookups>
</ValueLookup>
Sensor settings in EXE/Script Advanced:
Exe/script: rest.exe (copied from C:\Program Files (x86)\PRTG Network Monitor\Sensor System)
Parameters:
"https://paloaltofqdn/api/?type=op&cmd=<show><running><tunnel><flow><all></all></flow></tunnel></running></show>&key=MYAPIKEY" "C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\rest\paloalto.vpnstatus.template" -tlsignore
This is the result:
https://ibb.co/bNRDM7p
This sensor is not taking care of the Palo Alto cluster we have, as it's only monitoring the active firewall (but to be honest, if the active firewall is not working anymore, i at first got other problems than VPN states) and it's counting up manually so i have to keep in mind to extend the template when i got more than 30 IPSec VPNs but for now this will be doing it until maybe someone can help improving this.
Thanks a lot again, Erhard for your help!
Add comment