search

skalavala / mysmarthome

:star: ALIVE Again! :star: SmartHome - Nothing but smarthome stuff here! Have fun browsing through my home automation setup... ping me on Discord with any questions! :thumbsup:
https://www.awesome-automations.com/
MIT License
258 stars 37 forks source link

VPN Loggedin Users and Count #2

Open ghost opened 4 years ago

ghost commented 4 years ago

Having issues with the custom palo alto GP sensor. I am showing 0 users. The current command is successful but does not provide results because I believe that the show command requires the name of the portal and possibly the vsys.

Is the show command outdated for version 9?

Is it suppose to be: <show><global-protect-gateway><current-user></current-user></global-protect-gateway></show>

As seen here:

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/pan-os-xml-api-use-cases/show-and-manage-globalprotect-users-api.html

Thanks,

Jon

FoUStep commented 2 years ago

Just found this gem. It shows everyone logged in at the portal (to either download the client or whatever).

You need to change the portal into the gateway as shown above, along with and a change into the counting code. Change all this in the sensor.py file, restart your entire Home Assistant host and it'll work.

Like this: <show><global-protect-gateway><current-user/></global-protect-gateway></show>

Also look for this piece:

    def parse_globalprotect_users(self):
        user_count = 0
        vpn_users = []
        root = ET.fromstring(self._gp_users)
        nodes = root.findall('result/gp-portal-users/user')
        for user in nodes:
            user_count += 1
            vpn_users.append(user.find('username').text)

Change the nodes rule into:

    def parse_globalprotect_users(self):
        user_count = 0
        vpn_users = []
        root = ET.fromstring(self._gp_users)
        nodes = root.findall('result/entry')
        for user in nodes:
            user_count += 1
            vpn_users.append(user.find('username').text)

Tested this on PAN-OS 10.2 on a PA-220. It works.

footcricket05 commented 10 months ago

It appears that you are working with Palo Alto GlobalProtect and trying to retrieve information about connected users using the API. The API structure may vary between different versions of Palo Alto PAN-OS, and it's essential to use the appropriate API endpoint and XML structure for the version you're working with.

In PAN-OS version 9.1, the correct XML structure for retrieving GlobalProtect user information should be as follows:

<show>
    <global-protect-gateway>
        <current-user></current-user>
    </global-protect-gateway>
</show>

The structure you've provided appears to be correct based on the documentation you linked. The command should be valid for version 9.1.

Here are a few things to check if you are not getting the expected results:

  1. Ensure that you have the necessary permissions and access to retrieve user information.
  2. Double-check your API request to make sure there are no typos or syntax errors.
  3. Verify that the GlobalProtect Gateway and VSYS names you are using in your request are accurate.
  4. Check the version of PAN-OS you are working with, as the API structure can differ between versions. Make sure you are using the correct structure for version 9.1.