LogicMonitor’s suite for Palo Alto SD-WAN (formerly CloudGenix SD-WAN) monitors the following:

• Sites and traffic generated by the sites
• CloudGenix SD-WAN elements or devices and the status of these devices

This suite uses the Palo Alto Prisma SD-WAN API to retrieve site data.

Setup Requirements

• To configure the Palo Alto Prisma SD-WAN API, you need the Access Token from Palo Alto for the Cloudgenix portal.

Create CloudGenix Device Group

From the Resources page, create a Palo Alto SD-Wan device group and assign it the following properties:

Add Resources into Monitoring

Add sites and elements for monitoring, either manually or using NetScan. NetScan is the recommended method for adding sites, while Palo Alto SD-WAN elements should be added manually.

Adding Resources Manually

For adding Palo Alto SD-WAN elements manually, see Adding Devices.

Adding Resources using NetScan

You can create and run an advanced NetScan to automatically add sites. For more information, see Creating NetScans.

To configure the NetScan:

1. In Settings | NetScans | Add | Advanced NetScan, select “Upload a script or csv to discover devices” from the Method field’s dropdown.
2. From the scripting options, select “Embed Groovy Script”.
3. Copy and paste the following Groovy Script into the field, replacing “Enter API token here” with your Access Token (make sure the API token is enclosed in quotes):

import com.logicmonitor.common.sse.utils.GroovyScriptHelper as GSH
import com.logicmonitor.mod.Snippets
 
def token = "Enter API token here"
 
 
def modLoader = GSH.getInstance()._getScript("Snippets", Snippets.getLoader()).withBinding(getBinding())
def collectorCache = this.class.classLoader.loadClass("com.santaba.agent.util.script.ScriptCache").getCache()
def sdwan = modLoader.load("paloalto.sdwan", "0")
 
def endpoint = "https://api.cloudgenix.com:443"
Map headers = [:]
headers.put("x-auth-token", token)
headers.put("Content-Type", "application/json")
def url = endpoint + "/v2.0/api/profile"
profileData = sdwan.httpGet(url, headers, 5)
String tenant = profileData.data.tenant_id
String region = profileData.data.region
 
endpoint = "https://api.${region}.cloudgenix.com:443"  // add the region to the endpoint
Map sites = sdwan.sites(endpoint, tenant, headers, collectorCache)
sites.each{ k,v ->
    println "${k}.site.invalid##${v}##auto.paloalto.sdwan.tenant=${tenant}##auto.paloalto.sdwan.siteid=${k}"
}
return 0

Manually Configure Sites

Although the NetScan method is recommended, you can also manually configure sites.

• Sites need to be set up with the property of the SiteID used in the hostname and in the format siteid.site.invalid, such as in the example: 15342169863630098.site.invalid.
• We recommend that the display name match the site names in the SD-WAN configuration, such as Toledo or Main Office.

The following two properties need to be obtained from Palo Alto and set on each site:

The addCategory_PaloAlto_SDWAN PropertySource will complete the configuration.

Import LogicModules

From the LogicMonitor public repository, import all PaloAlto SD-WAN LogicModules, which are listed in the LogicModules in Package section of this support article. If these LogicModules are already present, ensure you have the most recent versions. Once the LogicModules are imported (assuming all previous setup requirements have been met), data collection will automatically commence.

LogicModules in Package

Note: Alerts are generated by Palo Alto Prisma SD-WAN API and imported into LogicMonitor.

Palo Alto SD-WAN Event Monitoring

Palo Alto SD-WAN event monitoring can be noisy for large installations. The following are optional properties you can set to override the existing Palo Alto SD-WAN alert levels if there are errors that need to be ignored or elevated. For more information, see Palo Alto’s alert codes documentation.