i am trying to implement IPSec VPN monitoring for our Palo Alto Firewall. At the moment we operate 28 branch sites and counting. I was able to obtain an XML file using Palo Altos API (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClWUCA0) and pick my information out of the nodes using the HTTP XML/REST Value sensor. I am crawling through the results via the XML-Node option IPSec/entry/state to IPSec/entry[n]/state.
There are three states: active, inactive, init
I now receive a sensor message like IPSec/entry/state holds value active or IPSec/entry/state holds value init.
Here comes my question:
I want to somehow parse the message information into something useful in order to trigger notification if the value is not active.
Is there anyone who can help me out?
PS: I tried setting the monitoring up using this awesome Powershell script (http://www.hospitableit.com/howto/monitoring-an-ipsec-tunnel-on-a-palo-alto-firewall-using-prtg/) but i'm stuck there with some encryption/decryption errors....so the above is my workaround.
Thanks a lot in advance for any answer!