topic Re: SNMP Trap Monitoring in General Topics

SNMP Trap Monitoring

Khassam — Mon, 19 Jun 2023 14:46:41 GMT

Hello,

We were wondering about the feasibility of configuring SNMP traps for some of our Firewalls instead of using SNMP polling.

Currently we're using SNMP polling to monitor information like :

- Interface status
- Interface bandwidth
- Temperature
- CPU Management and Data
- Log Rate
- Sessions
- HA cluster

In your documentation SNMP Monitoring and Traps, it says that we have to use Log Forwarding but we are unsure that the information we want to monitor exist in the Log type.

We will be glad if you could confirm that migrating to a SNMP trap solution will not impact our current monitoring information.

Thank you in advance.

Re: SNMP Trap Monitoring

aleksandar.astardzhiev — Tue, 20 Jun 2023 11:12:54 GMT

Hi @Khassam ,

You have understand that correctly - SNMP traps in PAN firewalls are configured with log forwarding profiles, where you can specify which log type to be forwarded as trap.

However the screenshot you have provided is for Log Forwarding object, which is used for "traffic related" logs that you can apply on any security rules. What you actually need is here - https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/device/device-log-settings For your specific case you need to configure log forwarding for System Logs and using the Filter to specify which exactly sub-type system logs you want to send as traps.

From top of my head I believe the following from your list are available as system logs and therefor can be forwarded as traps:

- interface status: log event for up or down is generated

- temperature: not completely sure, but I believe system log will be generated when critical temp is reaced

- cpu management and data: similar to temp, when critical levels are reached it should be logged.

- ha state: change in member state (passive, active or down) will be logged as well as HA interfaces (they are logged in ha sub-type )

I am not sure the following can be sent as traps:

- int bandwidth

- log rate

- session count

Re: SNMP Trap Monitoring

OtakarKlier — Tue, 20 Jun 2023 21:33:23 GMT

Hello,

SNMP polling is preferred to get more information on your device. I highly recommend using SNMPv3 for this purpose.

Regards,

Re: SNMP Trap Monitoring

Khassam — Wed, 21 Jun 2023 07:36:22 GMT

Hello @aleksandar.astardzhiev ,

Thanks for your answer.

I tried to find some documentation to confirm but with no success. I'll be glad if you have any document that confirm if each monitoring information will be available with SNMP Trap.

Thank you

Re: SNMP Trap Monitoring

Khassam — Wed, 21 Jun 2023 07:40:23 GMT

Hello,

I know but we have a new network configuration where It won't be possible to allow incoming SNMP flows. This is why we're trying to figure out the feasibility of a SNMP trap solution.

Re: SNMP Trap Monitoring

aleksandar.astardzhiev — Sun, 25 Jun 2023 07:16:57 GMT

Hi @Khassam ,

As I already mentioned - everything that is logged as log event can be forwarded as SNMP trap, you just need to find which log type and subtype to filter by. The type of information you mention is in system logs.

Here you can see what subtype its covers - https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/system-log-fields

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/view-and-manage-logs/log-types-and-severity-levels/system-logs