Open joschi99 opened 3 years ago
Could you provide the response with --debug option ?
./centreon_plugins.pl --plugin=network::paloalto::ssh::plugin --mode=ipsec --hostname=x.x.x.x --ssh-username=user--ssh-password=password --ssh-backend=libssh --debug
UNKNOWN: Cannot find xml response
Number of failed attempts since last successful login: 0
command response:
Number of failed attempts since last successful login: 0
Could you connect on your palo alto and execute following commands ?
set cli op-command-xml-output on
show vpn ike-sa
show vpn ipsec-sa
show vpn flow
ssh -l USERNAME x.x.x.x
Password:
Last login: Sun Nov 8 08:38:26 2020 from x.x.x.x
Number of failed attempts since last successful login: 0
> set cli op-command-xml-output on
> show vpn ike-sa
> show vpn ipsec-sa
<response status="success"><result>
<ntun>0</ntun>
<entries/>
</result></response>
> show vpn flow
<response status="success"><result>
<total>2</total>
<num_ipsec>0</num_ipsec>
<IPSec/>
<dp>dp0</dp>
<num_sslvpn>2</num_sslvpn>
</result></response>
> exit
Connection to x.x.x.x closed.
It comes from command: show vpn ike-sa
. Nothing is returned. That plugin check ipsec tunnels. And you have sslvpn tunnel only.
If you have the command to check sslvpn tunnel, maybe i could do something.
Hi @garnier-quentin, need to ask a Paloalto specialist for them. Could you fix the mode to ignore ike-sa if nothing returned?
If i ignore the empty command response, you'll have an output:
OK: | 'tunnels.ipsec.total.count'=0
Is it ok ?
I think this could be a good idea to solve the problem
What do you mean by 'solve the problem' ?
When show vpn ike-sa
returns empty at the moment the plugin will give:
UNKNOWN: Cannot find xml response
This should be the main problem, so we need a correct output. Did you agree?
Hi, Thanks for your interest in Centreon. Requests for new features and enhancements must be suggested here. Troubleshooting and questions must now be asked here (cf our new issue template.
Thank you for your understanding.
Hi @fmattesct, I don't think that this is a new feature or enhancement, but this change will resolve a problem. The check will not work correctly and returns "UNKNOWN: Cannot find xml response", so it should be a fix in my opinion and not a enhancement. This error will raise on every Paloalto depending on theis VPN configuration.
Did you agree with me, please let me know?
are there some news on this bug? Is open since more then 3 years. How we can help you?
Hi, ticket is created and priorized in our dev backlog.
Plugins 20201008