{"id":41395809,"url":"https://github.com/scottdware/go-panos","last_synced_at":"2026-01-23T12:53:23.710Z","repository":{"id":33302658,"uuid":"36947394","full_name":"scottdware/go-panos","owner":"scottdware","description":"Go package to interact with Palo Alto devices.","archived":false,"fork":false,"pushed_at":"2020-09-25T04:27:55.000Z","size":330,"stargazers_count":34,"open_issues_count":6,"forks_count":12,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-06-19T03:13:57.869Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/scottdware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-06-05T18:02:45.000Z","updated_at":"2024-05-03T04:18:45.000Z","dependencies_parsed_at":"2022-08-24T15:11:19.756Z","dependency_job_id":null,"html_url":"https://github.com/scottdware/go-panos","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/scottdware/go-panos","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scottdware%2Fgo-panos","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scottdware%2Fgo-panos/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scottdware%2Fgo-panos/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scottdware%2Fgo-panos/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/scottdware","download_url":"https://codeload.github.com/scottdware/go-panos/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/
hosts/GitHub/repositories/scottdware%2Fgo-panos/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28692249,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-23T11:01:27.039Z","status":"ssl_error","status_checked_at":"2026-01-23T11:00:26.909Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-23T12:53:23.518Z","updated_at":"2026-01-23T12:53:23.681Z","avatar_url":"https://github.com/scottdware.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"## go-panos\r\n[![GoDoc](https://godoc.org/github.com/scottdware/go-panos?status.svg)](https://godoc.org/github.com/scottdware/go-panos) [![Travis-CI](https://travis-ci.org/scottdware/go-panos.svg?branch=master)](https://travis-ci.org/scottdware/go-panos) [![Go Report Card](https://goreportcard.com/badge/github.com/scottdware/go-panos)](https://goreportcard.com/report/github.com/scottdware/go-panos)\r\n\r\nA Go package that interacts with Palo Alto devices using their XML API. 
For official and detailed package documentation, please visit the [Godoc][godoc-go-panos] page.\r\n\r\n* [Installation](https://github.com/scottdware/go-panos#installation)\r\n* [Establishing a session](https://github.com/scottdware/go-panos#establishing-a-session)\r\n* [Configuring devices using Xpath](https://github.com/scottdware/go-panos#configuration-using-xpath)\r\n* [Handling shared objects on Panorama](https://github.com/scottdware/go-panos#handling-shared-objects-on-panorama)\r\n* [Retrieving logs](https://github.com/scottdware/go-panos#retrieving-logs)\r\n* [Creating objects from a CSV file](https://github.com/scottdware/go-panos#creating-objects-from-a-csv-file)\r\n* [Modifying groups from a CSV file](https://github.com/scottdware/go-panos#modifying-object-groups-from-a-csv-file)\r\n\r\n---\r\n\r\nThis API allows you to do the following:\r\n\r\n* List objects on devices: address, service, custom-url-category, device-groups (Panorama), policies, tags, templates, log forwarding profiles, security profile groups, managed devices (Panorama), etc.\r\n* Retrieve information about all applications (predefined) or a single one.\r\n* Create, rename, and delete objects.\r\n* Create security rules.\r\n* View jobs on a device.\r\n* Query and retrieve the following log-types: `config`, `system`, `traffic`, `threat`, `wildfire`, `url`, `data`.\r\n* Create multiple objects at once from a CSV file. 
You can also specify different device-groups you want the object to be created under (object overrides), as well as tag them.\r\n* Modify address and service groups using a CSV file.\r\n* Create, apply, and remove tags from objects and rules.\r\n* Create EDLs (External Dynamic Lists).\r\n* Add/remove objects from address/service groups and custom-url-categories.\r\n* Create templates, template stacks and assign devices and templates to them (Panorama).\r\n* Commit configurations and commit to device-groups (Panorama).\r\n* Apply a log forwarding or security profile to an entire policy or individual rules.\r\n* Manipulate any part of the configuration using Xpath functions (advanced).\r\n\r\nThe following features are currently available only on the local firewall:\r\n\r\n* List the NAT policy.\r\n* View the entire routing table and details about each route.\r\n* Gather information about each session in the session table.\r\n* Get all of the interface information configured on a firewall.\r\n* Create interfaces (including sub-interfaces), zones, vlans, virtual-wires, virtual-routers and static routes.\r\n* Add and remove interfaces to zones, vlans and virtual-routers.\r\n* List all configured IPSec VPN tunnels, gateways, and crypto profiles.\r\n* Create IPSec VPN tunnels, gateways, and crypto profiles.\r\n* Add/delete proxy-IDs to IPSec VPN tunnels.\r\n* Test URLs to see what they are being categorized under.\r\n* Test route lookup.\r\n\r\n## Installation\r\n\r\n`go get -u github.com/scottdware/go-panos`\r\n\r\n##### Usage\r\n\r\n`import \"github.com/scottdware/go-panos\"`\r\n\r\n## Establishing A Session\r\n\r\nThere are two ways you can authenticate to a device: username and password, or using the API key. 
Here is an\r\nexample of both methods.\r\n\r\n```Go\r\n// Username and password\r\ncreds := \u0026panos.AuthMethod{\r\n    Credentials: []string{\"admin\", \"password\"},\r\n}\r\n\r\npan, err := panos.NewSession(\"pan-firewall.company.com\", creds)\r\nif err != nil {\r\n    fmt.Println(err)\r\n}\r\n\r\n// API key\r\ncreds := \u0026panos.AuthMethod{\r\n    APIKey: \"Awholemessofrandomcharactersandnumbers1234567890=\",\r\n}\r\n\r\npan, err := panos.NewSession(\"panorama.company.com\", creds)\r\nif err != nil {\r\n    fmt.Println(err)\r\n}\r\n```\r\n\r\nThe moment you establish a successful connection to the device, various information and statistics are gathered. They are\r\nassigned to a field in the [Palo Alto][paloalto-struct] struct (click the link for the list of fields), and can then be iterated over.\r\n\r\n```Go\r\n// View the device's uptime\r\nfmt.Println(pan.Uptime)\r\n\r\n// View the device's application and threat version, as well as when they were released\r\nfmt.Printf(\"App Version: %s (Released: %s)\\n\", pan.AppVersion, pan.AppReleaseDate)\r\nfmt.Printf(\"Threat Version: %s (Released: %s)\\n\", pan.ThreatVersion, pan.ThreatReleaseDate)\r\n```\r\n\r\n## Configuration Using Xpath\r\n\r\nOutside of the built in functions that make working with the configuration simpler, there are also functions that\r\nallow you to modify any part of the configuration using Xpath. 
The following configuration actions are supported:\r\n\r\n`show, get, set, edit, delete, rename, override, move, clone, multi-move, multi-clone`\r\n\r\n\u003e *NOTE*: For specific examples of how to use xpath values when using these actions, visit the [PAN-OS XML API configuration API][pan-xml-api-config].\r\n\r\nThe above actions are used in the following `go-panos` functions:\r\n\r\n`XpathConfig()` | `XpathGetConfig()` | `XpathClone()` | `XpathMove()` | `XpathMulti()`\r\n:---: | :---: | :---: | :---: | :---:\r\n`set`, `edit`, `delete`, `rename`, `override` | `show/get` active or candidate configuration | `clone` | `move` | `multi-move`, `multi-clone`\r\n\r\n\u003e **_\u003cspan style=\"color:red\"\u003eNOTE\u003c/span\u003e_**: These functions are more suited for \"power users,\" as there is a lot more that you have to know with regard to\r\nXpath and XML, as well as how the PANOS XML is structured.\r\n\r\n## Handling Shared objects on Panorama\r\n\r\nBy default, when you establish a session to a Panorama server, all object creation will be in the \r\ndevice-group you specify. If you want to create them as shared, you need to first tell your session\r\nthat shared objects will be preferred by doing the following:\r\n\r\n```Go\r\n// Establish a session\r\ncreds := \u0026panos.AuthMethod{\r\n    Credentials: []string{\"admin\", \"password\"},\r\n}\r\n\r\npan, err := panos.NewSession(\"panorama.company.com\", creds)\r\nif err != nil {\r\n    fmt.Println(err)\r\n}\r\n\r\n// Enable shared object creation\r\npan.SetShared(true)\r\n\r\n// Create an address object\r\npan.CreateAddress(\"test-ipv4-obj\", \"ip\", \"1.1.1.2/32\", \"A test object\")\r\n\r\n// Turn off shared object creation\r\npan.SetShared(false)\r\n```\r\n\r\n## Retrieving Logs\r\n\r\nYou can retrieve logs from any Palo Alto device using the `QueryLogs()` and `RetrieveLogs()` functions. 
The `QueryLogs()` function is used to first\r\nspecify what type of log you want to retrieve, as well as any optional parameters such as a query: `(addr.src in 10.1.1.1) and (port.dst eq 443)`. These\r\noptional parameters are defined using the `LogParameters` struct.\r\n\r\nWhen you run the `QueryLogs()` function, it will return a job ID. This job ID is then used by `RetrieveLogs()` to query the system to see if the job has\r\ncompleted, and the data is ready to be exported. If the job status is not `FIN` then you will need to run `RetrieveLogs()` again until it has finished.\r\n\r\n\u003e **_\u003cspan style=\"color:red\"\u003eNOTE\u003c/span\u003e_**: In regards to how long you should wait to run `RetrieveLogs()`, I have tested a query against a lot of data, both on Panorama and a local firewall,\r\nand waited up to 2 minutes before retrieving them. Most times, you will get results within 5-10 seconds depending on your query.\r\n\r\nView the documentation for the [LogParameters][log-parameters-struct] struct.\r\n\r\nWhen iterating over the returned logs, there are many fields you can choose to display. View the documentation for the [Log][log-struct] struct fields for\r\na complete list.\r\n\r\nBelow is an example of how to retrieve traffic logs.\r\n\r\n```Go\r\n// Establish a session\r\ncreds := \u0026panos.AuthMethod{\r\n    Credentials: []string{\"admin\", \"password\"},\r\n}\r\n\r\npan, err := panos.NewSession(\"panorama.company.com\", creds)\r\nif err != nil {\r\n    fmt.Println(err)\r\n}\r\n\r\n// Query traffic logs for a specific source address, and return 20 logs.\r\nparams := \u0026panos.LogParameters{\r\n    Query: \"(addr.src in 10.1.1.1) and (app eq ssl)\",\r\n    NLogs: 20,\r\n}\r\n\r\njobID, err := pan.QueryLogs(\"traffic\", params)\r\nif err != nil {\r\n    fmt.Println(err)\r\n}\r\n\r\n// Wait 5 seconds before retrieving the logs. 
If the job still has not finished, then you will have to \r\n// run this same function again until it does.\r\ntime.Sleep(5 * time.Second)\r\n\r\nlog, err := pan.RetrieveLogs(jobID)\r\nif err != nil {\r\n    fmt.Println(err)\r\n}\r\n\r\n// Here, we are looping over every log returned, and just printing out the data. You can manipulate the data and\r\n// choose to display any field that you want.\r\nfor _, log := range log.Logs {\r\n    fmt.Printf(\"%+v\\n\", log)\r\n}\r\n```\r\n\r\n## Creating Objects from a CSV File\r\n\r\nThis example shows you how to create multiple address and service objects, as well as address and service groups using a CSV file. You can also do object overrides by creating an object in a parent device-group, then creating the same object in a child device-group with a different value. Tagging objects upon creation is supported as well.\r\n\r\nThe CSV file should be organized with the following columns:\r\n\r\n`name,type,value,description (optional),tag (optional),device-group`.\r\n\r\n\u003e **_\u003cspan style=\"color:red\"\u003eNOTE\u003c/span\u003e_**: Here are a few things to keep in mind when creating objects:\r\n\u003e * For the name of the object, it cannot be longer than 63 characters, and must only include letters, numbers, spaces, hyphens, and underscores.\r\n\u003e * If you are tagging an object upon creation, please make sure that the tags exist prior to creating the objects.\r\n\u003e * When creating service groups, you DO NOT need to specify a description, as they do not have that capability.\r\n\u003e * When you create address or service groups, I would place them at the bottom of the CSV file, that way you don't risk adding a member that doesn't exist.\r\n\u003e * When creating objects on a local firewall, and not Panorama, you can leave the device-group column blank.\r\n\r\n#### Creating Address Objects\r\nWhen creating address objects:\r\n\r\nColumn | Description\r\n:--- | :---\r\n`name` | Name of the object you wish to 
create.\r\n`type` | **ip**, **range**, or **fqdn**\r\n`value` | Must contain the IP address, FQDN, or IP range of the object.\r\n`description` | (Optional) A description of the object.\r\n`tag` | (Optional) Name of a pre-existing tag on the device to apply.\r\n`device-group` | Name of the device-group, or **shared** if creating a shared object.\r\n\r\nWhen creating address groups:\r\n\r\nColumn | Description\r\n:--- | :---\r\n`name` | Name of the address group you wish to create.\r\n`type` | **static** or **dynamic**\r\n`value` | * See below explanation\r\n`description` | (Optional) A description of the object.\r\n`tag` | (Optional) Name of a pre-existing tag on the device to apply.\r\n`device-group` | Name of the device-group, or **shared** if creating a shared object.\r\n\r\nFor a **_static_** address group, `value` must contain a comma-separated list of members to add to the group, enclosed in quotes `\"\"`, e.g.:\r\n\r\n`\"ip-host1, ip-net1, fqdn-example.com\"`\r\n\r\nFor a **_dynamic_** address group, `value` must contain the criteria (tags) to match on. 
This **_MUST_** be enclosed in quotes `\"\"`, and\r\neach criteria (tag) must be surrounded by single-quotes `'`, e.g.:\r\n\r\n`\"'web-servers' or 'db-servers' and 'linux'\"`\r\n\r\n#### Creating Service Objects\r\nWhen creating service objects:\r\n\r\nColumn | Description\r\n:--- | :---\r\n`name` | Name of the object you wish to create.\r\n`type` | **tcp** or **udp**\r\n`value` | * See below\r\n`description` | (Optional) A description of the object.\r\n`tag` | (Optional) Name of a pre-existing tag on the device to apply.\r\n`device-group` | Name of the device-group, or **shared** if creating a shared object.\r\n\r\n* `value` must contain a single port number, range (1023-3000), or comma-separated list of ports, enclosed in quotes `\"\"` and separated by a comma, e.g.: `\"80, 443, 2000\"`.\r\n\r\nWhen creating service groups:\r\n\r\nColumn | Description\r\n:--- | :---\r\n`name` | Name of the object you wish to create.\r\n`type` | **service**\r\n`value` | * See below\r\n`description` | Not available on service groups.\r\n`tag` | (Optional) Name of a pre-existing tag on the device to apply.\r\n`device-group` | Name of the device-group, or **shared** if creating a shared object.\r\n\r\n* `value` must contain a comma-separated list of service objects to add to the group, enclosed in quotes `\"\"`, e.g.: `\"tcp_8080, udp_666, tcp_range\"`.\r\n\r\n#### Example\r\n*__Address Object Creation on Panorama__*\r\n\r\nLet's assume we have a CSV file called `objects.csv` that looks like the following:\r\n\r\n![alt-text](https://raw.githubusercontent.com/scottdware/images/master/csv.PNG \"objects.csv\")\r\n\r\nRunning the below code against a Panorama device will create the objects above.\r\n\r\n```Go\r\n// Connect to Panorama\r\ncreds := \u0026panos.AuthMethod{\r\n    Credentials: []string{\"admin\", \"password\"},\r\n}\r\n\r\npan, err := panos.NewSession(\"panorama.company.com\", creds)\r\nif err != nil {\r\n    
fmt.Println(err)\r\n}\r\n\r\npan.CreateObjectsFromCsv(\"objects.csv\")\r\n```\r\n\r\nIf we take a look at Panorama, and view the `Vader` device-group address objects, we can see all of our objects:\r\n\r\n![alt-text](https://raw.githubusercontent.com/scottdware/images/master/addresses.PNG \"Vader device-group\")\r\n\r\nAnd here are our address group objects:\r\n\r\n![alt-text](https://raw.githubusercontent.com/scottdware/images/master/address-groups.PNG \"Vader device-group\")\r\n\r\nWe specified a `web-server` address object in the `Vader` device-group, as well as a `web-server` address object in the `Luke` device-group. This is an example of how you do object overrides. The `Luke` device-group\r\nis a child of the `Vader` device-group, but needs to have a different IP address assigned to the `web-server` object. This is visible by the override green/yellow icon next to the `web-server` object name.\r\n\r\n![alt-text](https://raw.githubusercontent.com/scottdware/images/master/override.PNG \"Vader device-group\")\r\n\r\n## Modifying Object Groups from a CSV File\r\n\r\nThis example shows you how to modify address and service group objects using a CSV file.\r\n\r\nThe CSV file should be organized with the following columns:\r\n\r\n`grouptype,action,object-name,group-name,device-group`.\r\n\r\nColumn | Description\r\n:--- | :---\r\n`grouptype` | **address** or **service**\r\n`action` | **add** or **remove**\r\n`object-name` | Name of the object to add or remove from group.\r\n`group-name` | Name of the group to modify.\r\n`device-group` | Name of the device-group, or **shared** if creating a shared object.\r\n\r\n#### Example\r\n*__Group Modification on a Local Firewall__*\r\n\r\nLet's assume we have a CSV file called `modify.csv` that looks like the following:\r\n\r\n![alt-text](https://raw.githubusercontent.com/scottdware/images/master/modify_csv.PNG \"modify.csv\")\r\n\r\nRunning the below code against a firewall will modify the groups either adding or removing 
objects that you specified.\r\n\r\n```Go\r\n// Connect to the firewall\r\ncreds := \u0026panos.AuthMethod{\r\n    Credentials: []string{\"admin\", \"password\"},\r\n}\r\n\r\npan, err := panos.NewSession(\"firewall.company.com\", creds)\r\nif err != nil {\r\n    fmt.Println(err)\r\n}\r\n\r\npan.ModifyGroupsFromCsv(\"modify.csv\")\r\n```\r\n\r\nHere is what the address group `home_lab_group` looks like before and after running the above script.\r\n\r\n![alt-text](https://raw.githubusercontent.com/scottdware/images/master/address_group.PNG \"Address group prior to change\")\r\n\r\n![alt-text](https://raw.githubusercontent.com/scottdware/images/master/modified_address_group.PNG \"Address group after change\")\r\n\r\nHere is what the service group `tcp_services` looks like before and after running the above script.\r\n\r\n![alt-text](https://raw.githubusercontent.com/scottdware/images/master/service_group.PNG \"Service group prior to change\")\r\n\r\n![alt-text](https://raw.githubusercontent.com/scottdware/images/master/modified_service_group.PNG \"Service group after change\")\r\n\r\n[godoc-go-panos]: http://godoc.org/github.com/scottdware/go-panos\r\n[license]: https://github.com/scottdware/go-panos/blob/master/LICENSE\r\n[pan-xml-api-config]: https://www.paloaltonetworks.com/documentation/80/pan-os/xml-api/pan-os-xml-api-request-types/configuration-api\r\n[log-parameters-struct]: http://godoc.org/github.com/scottdware/go-panos#LogParameters\r\n[log-struct]: http://godoc.org/github.com/scottdware/go-panos#Log\r\n[paloalto-struct]: http://godoc.org/github.com/scottdware/go-panos#PaloAlto\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscottdware%2Fgo-panos","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fscottdware%2Fgo-panos","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscottdware%2Fgo-panos/lists"}