https://live.paloaltonetworks.com/t5/general-topics/automated-alerts-when-log-forwarding-stops-freezes/m-p/18585#M13569 <HTML><HEAD></HEAD><BODY><P>Thanks <A href="https://live.paloaltonetworks.com/u1/17985">Steven Puluka</A>, the problem is though, that our logging platform is Panorama.&nbsp; Panorama doesn't offer any of those features.&nbsp; It seems so ridiculous that a system that is specifically designed (M-100) to be a Log Collector, doesn't have a way to notify its admins when it's not actually collecting logs from a device that it was previously collecting logs from.</P></BODY></HTML> Thu, 26 Jun 2014 14:21:20 GMT MRosloniec 2014-06-26T14:21:20Z https://live.paloaltonetworks.com/t5/general-topics/automated-alerts-when-log-forwarding-stops-freezes/m-p/18583#M13567 <HTML><HEAD></HEAD><BODY><P>Hey Community - </P><P>Wondering if anyone has come up with a good way to automate an alert / alarm when there is an issue with a Firewall reporting to a DLC (distributed log collector)?&nbsp; We have about 27 firewalls all of which send to 1 of 4 log collectors, and we are seeing an increase of Log Forwarding issues --&gt;&nbsp; Some sending only Denies (when all rules are set to forward logs), Some not sending Any... The fix for this is to restart the Log Forwarding process on each device, but this can be very time consuming to check each of the 27 devices to make sure we're getting the logs we expect to get, and then restart the process if necessary.&nbsp; We are relying on the logs in the DLC's for PCI compliance, and to date, Palo Alto Support claims there is no way to get notified if a Firewall stops sending logs to a log forwarder.&nbsp; I would love to hear anything creative anyone else has done to help alleviate this headache...?</P><P></P><P>Thanks!</P><P>Matt</P></BODY></HTML> Mon, 23 Jun 2014 14:10:31 GMT https://live.paloaltonetworks.com/t5/general-topics/automated-alerts-when-log-forwarding-stops-freezes/m-p/18583#M13567 MRosloniec 2014-06-23T14:10:31Z https://live.paloaltonetworks.com/t5/general-topics/automated-alerts-when-log-forwarding-stops-freezes/m-p/18584#M13568 <HTML><HEAD></HEAD><BODY><P>I don't have a specific answer.&nbsp; But if your logging platform supports some kind of dashboard page you could setup a graph for the log volume per time period on each firewall.&nbsp; When the graph drops below normal you would see the problem.</P></BODY></HTML> Mon, 23 Jun 2014 22:08:49 GMT https://live.paloaltonetworks.com/t5/general-topics/automated-alerts-when-log-forwarding-stops-freezes/m-p/18584#M13568 pulukas 2014-06-23T22:08:49Z https://live.paloaltonetworks.com/t5/general-topics/automated-alerts-when-log-forwarding-stops-freezes/m-p/18585#M13569 <HTML><HEAD></HEAD><BODY><P>Thanks <A href="https://live.paloaltonetworks.com/u1/17985">Steven Puluka</A>, the problem is though, that our logging platform is Panorama.&nbsp; Panorama doesn't offer any of those features.&nbsp; It seems so ridiculous that a system that is specifically designed (M-100) to be a Log Collector, doesn't have a way to notify its admins when it's not actually collecting logs from a device that it was previously collecting logs from.</P></BODY></HTML> Thu, 26 Jun 2014 14:21:20 GMT https://live.paloaltonetworks.com/t5/general-topics/automated-alerts-when-log-forwarding-stops-freezes/m-p/18585#M13569 MRosloniec 2014-06-26T14:21:20Z https://live.paloaltonetworks.com/t5/general-topics/automated-alerts-when-log-forwarding-stops-freezes/m-p/18586#M13570 <HTML><HEAD></HEAD><BODY><P>I feel your pain.&nbsp; We use a third party log collector for long term archives and forward directly for the PAN firewalls via syslog.&nbsp; this has consistently worked even when Panorama logging stops collecting.</P></BODY></HTML> Sat, 28 Jun 2014 00:21:12 GMT https://live.paloaltonetworks.com/t5/general-topics/automated-alerts-when-log-forwarding-stops-freezes/m-p/18586#M13570 pulukas 2014-06-28T00:21:12Z