Suresh Vina

Author Archives: Suresh Vina

How to Export Large Traffic Logs from Palo Alto Firewall?

Recently, I faced a unique challenge: I needed to export a massive amount of traffic logs from a Palo Alto Firewall for analysis. Initially, I thought it would be straightforward: log into the GUI, apply the necessary traffic log filter, and export the logs as a CSV file. Easy peasy, right? Well, not exactly. I quickly ran into a roadblock that made me rethink my approach.

In this blog post, I'll share the hurdles I encountered and how I managed to find a workaround to export the logs and analyze them using Python Pandas.

The Problem

By default, Palo Alto only exports 65535 rows in the CSV file, which is not nearly enough. If you have a large network, that amount might only cover a few minutes of logs. Even if you change the value, the maximum it can support is 1048576, which might cover maybe an hour's worth of logs. But for my use case, I needed at least a month of logs. I couldn't get what I wanted from the built-in report options, so I was scratching my head. I then tried to export the logs via SCP on the CLI, but again encountered the same maximum row

SuzieQ Network Observability

In today’s post, we’re exploring SuzieQ, an open-source network observability platform that’s making waves in the way we monitor and understand our networks. It supports a wide array of devices from top vendors like Arista, Cisco, and Juniper, among others. We’ll start with the fundamentals and finish with a practical example to clearly illustrate how SuzieQ sets itself apart from other automation tools.

What We Will Cover?

  1. What exactly is SuzieQ?
  2. How does SuzieQ work?
  3. How to install SuzieQ?
  4. SuzieQ terminology (Configuration, Inventory, suzieq-cli, poller)
  5. Configuration and Inventory files
  6. Examples using OSPF Topology
  7. Path Analysis

What Exactly is SuzieQ?

I first came across SuzieQ a while back but didn't dive deep into it because tools like Netmiko or Napalm were fitting my needs just fine. That changed when I tuned into a recent Packet Pushers podcast featuring Dinesh Dutt, the brain behind SuzieQ. Hearing him talk about it got me really interested.

After the podcast, I couldn't hold back from giving SuzieQ a try. There have been many times when I found myself writing custom scripts to get things done, only to discover that SuzieQ could have handled those tasks much more smoothly.

So, what is SuzieQ? In simple

How do we overcome Imposter Syndrome?

I was thinking of writing about Imposter Syndrome for so long but I didn't because I thought someone might figure out I don't know what I am talking about.

This is so real, I'm not even kidding. The feeling of doubting your abilities and feeling like a fraud. It's something many of us experience, especially when we're stepping out of our comfort zones or tackling new challenges. So, I decided to face this head-on and share some ways to deal with it. First, it's important to recognize when we're being too hard on ourselves. We often set unrealistically high standards and then beat ourselves up when we don't meet them. It's okay to not know everything – after all, we're all learning as we go.

Talking to others can also be a big help. You'll often find that many people feel the same way and have their own experiences with Imposter Syndrome. This can be a huge relief to know you're not alone in this.

What Exactly is Imposter Syndrome?

In plain terms, it's when you feel like you're not as competent as others perceive you to be. You might think you're not good enough, despite there being clear signs