<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Monitoring Palo DB cloud service in General Topics</title>
    <link>https://live.paloaltonetworks.com/t5/general-topics/monitoring-palo-db-cloud-service/m-p/588622#M117352</link>
    <description>&lt;P&gt;Hi All,&amp;nbsp;&lt;/P&gt;
&lt;P&gt;We recently encountered an issue where our firewalls got disconnected from the Palo DB cloud database; this was due to a known issue in the Palo OS we are running. I am looking for a way to monitor Palo DB cloud connectivity. We do not have SolarWinds; otherwise I would have used an OID to monitor that specific service.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Is there a way to still monitor Palo DB connectivity, like forwarding the logs to Splunk and then generating an email from there to all the stakeholders?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Thanks for any recommendations&amp;nbsp;&lt;/P&gt;</description>
    <pubDate>Mon, 03 Jun 2024 17:38:46 GMT</pubDate>
    <dc:creator>Ironsecurity</dc:creator>
    <dc:date>2024-06-03T17:38:46Z</dc:date>
    <item>
      <title>Monitoring Palo DB cloud service</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/monitoring-palo-db-cloud-service/m-p/588622#M117352</link>
      <description>&lt;P&gt;Hi All,&amp;nbsp;&lt;/P&gt;
&lt;P&gt;We recently encountered an issue where our firewalls got disconnected from the Palo DB cloud database; this was due to a known issue in the Palo OS we are running. I am looking for a way to monitor Palo DB cloud connectivity. We do not have SolarWinds; otherwise I would have used an OID to monitor that specific service.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Is there a way to still monitor Palo DB connectivity, like forwarding the logs to Splunk and then generating an email from there to all the stakeholders?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Thanks for any recommendations&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Mon, 03 Jun 2024 17:38:46 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/monitoring-palo-db-cloud-service/m-p/588622#M117352</guid>
      <dc:creator>Ironsecurity</dc:creator>
      <dc:date>2024-06-03T17:38:46Z</dc:date>
    </item>
    <item>
      <title>Re: Monitoring Palo DB cloud service</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/monitoring-palo-db-cloud-service/m-p/588633#M117353</link>
      <description>&lt;P&gt;&lt;a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/96531353"&gt;@Ironsecurity&lt;/a&gt;,&lt;/P&gt;
&lt;P&gt;Generally speaking, this would be wrapped up in monitoring system events and either having the firewall send an email/HTTP alert itself or forwarding the events to something like Splunk/Graylog and setting up desired alerts there.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The majority of cloud connection issues are going to be in system logs if you utilize this filter:&lt;/P&gt;
&lt;LI-CODE lang="markup"&gt;(severity eq medium) and (eventid eq 'general')&lt;/LI-CODE&gt;
&lt;P&gt;Fair warning that this doesn't limit things to cloud connection issues and you might have events you want to exclude, but you would just adjust the query. This will cover download failures, upgrade failures, and stuff like that.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;PAN has a special subtype named 'dynamic-updates', but note that this isn't utilized for anything other than messages that they deem worth sending out. I would personally think you likely want those as well, but I would also say you should be receiving an email notification for anything with a severity of high or greater for your firewall (severity geq high).&lt;/P&gt;</description>
      <pubDate>Mon, 03 Jun 2024 19:18:28 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/monitoring-palo-db-cloud-service/m-p/588633#M117353</guid>
      <dc:creator>BPry</dc:creator>
      <dc:date>2024-06-03T19:18:28Z</dc:date>
    </item>
    <item>
      <title>Re: Monitoring Palo DB cloud service</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/monitoring-palo-db-cloud-service/m-p/588860#M117387</link>
      <description>&lt;P&gt;Thanks, that helped. I was able to filter out specific eventids with the filter below:&lt;/P&gt;
&lt;LI-CODE lang="markup"&gt;( eventid eq cloud-election ) or ( eventid eq url-cloud-connection-failure)&lt;/LI-CODE&gt;
&lt;P&gt;There are certain informational logs that are not being forwarded to Splunk, but I see them in Palo Alto. I am still figuring that part out.&lt;/P&gt;</description>
      <pubDate>Wed, 05 Jun 2024 17:05:55 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/monitoring-palo-db-cloud-service/m-p/588860#M117387</guid>
      <dc:creator>Ironsecurity</dc:creator>
      <dc:date>2024-06-05T17:05:55Z</dc:date>
    </item>
  </channel>
</rss>

