https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549486#M112123 <P>I want to set up messages to be sent to email&nbsp;<LI-MESSAGE title="Log Settings - Config" uid="338083" url="https://live.paloaltonetworks.com/t5/best-practice-assessment-device/log-settings-config/m-p/338083#U338083" discussion_style_icon_css="lia-mention-container-editor-message lia-img-icon-tkb-thread lia-fa-icon lia-fa-tkb lia-fa-thread lia-fa"></LI-MESSAGE>&nbsp;<BR />I want every user who connects to the admin to receive an email no matter where the WAB or CLI or IP source comes from.</P> <P>@filter builder</P> <P>(severity eq informational) and (description contains 'logged in via WEB') or (description contains 'logged in via CLI')</P> <P>&nbsp;</P> <P>This is what I configured Filter but only CLI works<BR />Am I missing something?</P> <P>&nbsp;</P> <P>I would appreciate your help.3</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Shalev_0-1689570642938.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/51624iDA533F5DD923B078/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Shalev_0-1689570642938.png" alt="Shalev_0-1689570642938.png" /></span></P> <P>&nbsp;</P> Mon, 17 Jul 2023 05:10:52 GMT Shalev 2023-07-17T05:10:52Z https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549486#M112123 <P>I want to set up messages to be sent to email&nbsp;<LI-MESSAGE title="Log Settings - Config" uid="338083" url="https://live.paloaltonetworks.com/t5/best-practice-assessment-device/log-settings-config/m-p/338083#U338083" discussion_style_icon_css="lia-mention-container-editor-message lia-img-icon-tkb-thread lia-fa-icon lia-fa-tkb lia-fa-thread lia-fa"></LI-MESSAGE>&nbsp;<BR />I want every user who connects to the admin to receive an email no matter where the WAB or CLI or IP source comes from.</P> <P>@filter builder</P> <P>(severity eq informational) and (description contains 'logged in via WEB') or (description contains 'logged in via CLI')</P> <P>&nbsp;</P> <P>This is what I configured Filter but only CLI works<BR />Am I missing something?</P> <P>&nbsp;</P> <P>I would appreciate your help.3</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Shalev_0-1689570642938.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/51624iDA533F5DD923B078/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Shalev_0-1689570642938.png" alt="Shalev_0-1689570642938.png" /></span></P> <P>&nbsp;</P> Mon, 17 Jul 2023 05:10:52 GMT https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549486#M112123 Shalev 2023-07-17T05:10:52Z https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549661#M112133 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/264820">@Shalev</a></P> <P>&nbsp;</P> <P>thanks for posting.</P> <P>&nbsp;</P> <P>To me it looks like there is an issue with upper/lower case. Could you change it to: "logged in via Web"?</P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel</P> Mon, 17 Jul 2023 23:21:09 GMT https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549661#M112133 PavelK 2023-07-17T23:21:09Z https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549747#M112136 <P>Hello,</P> <P>Change the filter to:</P> <P><SPAN>(severity eq informational) and (description contains 'logged in via Web') or (description contains 'logged in via CLI')</SPAN></P> <P>&nbsp;</P> <P>This should help.</P> <P>&nbsp;</P> Tue, 18 Jul 2023 08:50:05 GMT https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549747#M112136 akuzhuppilly 2023-07-18T08:50:05Z https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549770#M112143 <P>This is not work</P> Tue, 18 Jul 2023 09:51:54 GMT https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549770#M112143 Shalev 2023-07-18T09:51:54Z https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549771#M112144 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/264820">@Shalev</a></P> <P>&nbsp;</P> <P>could you post the screen shot with current filter you put in?</P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel</P> Tue, 18 Jul 2023 10:03:05 GMT https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549771#M112144 PavelK 2023-07-18T10:03:05Z https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549773#M112145 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2023-07-18 130446.png" style="width: 798px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/51719iC1275BE7695380D7/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Screenshot 2023-07-18 130446.png" alt="Screenshot 2023-07-18 130446.png" /></span></P> Tue, 18 Jul 2023 10:05:16 GMT https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549773#M112145 Shalev 2023-07-18T10:05:16Z https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549774#M112146 <P>Hello,</P> <P>I just checked this query from one of my firewalls and the results are as expected. You will need to login to the GUI and CLI to regenerate the alerts.</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 18 Jul 2023 10:06:11 GMT https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549774#M112146 akuzhuppilly 2023-07-18T10:06:11Z https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549780#M112147 <P>I exited and entered FW and I only have a notification about CLI and not about Wab</P> Tue, 18 Jul 2023 10:10:46 GMT https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549780#M112147 Shalev 2023-07-18T10:10:46Z https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549798#M112148 <P>I succeeded<BR />For general knowledge this is the command:&nbsp;(severity eq informational) and ( description contains 'logged in via Web from') or (description contains 'logged in via CLI')</P> Tue, 18 Jul 2023 11:57:21 GMT https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549798#M112148 Shalev 2023-07-18T11:57:21Z https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549819#M112150 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/264820">@Shalev</a>,</P> <P>A couple notes:</P> <UL> <LI>The filter you're using really should be grouped to the following "(severity eq informational) and ((description contains 'logged in via Web from') or (description contains 'logged in via CLI')). What you have is functional, but the search is logging for an informational event with 'logged in via Web from' in the description&nbsp;<STRONG>or&nbsp;</STRONG><EM>any&nbsp;</EM>event with 'logged in via CLI' as presently written.</LI> <LI>You don't need informational in this at all. You've targeted the description enough that you'll get your events regardless of that being included or not. It's just kind of extra at this point, it's not harming anything but it also isn't needed.&nbsp;</LI> </UL> Tue, 18 Jul 2023 13:00:59 GMT https://live.paloaltonetworks.com/t5/general-topics/log-system-setting/m-p/549819#M112150 BPry 2023-07-18T13:00:59Z