https://live.paloaltonetworks.com/t5/general-topics/snmp-notifications-some-missing/m-p/51603#M37959 <HTML><HEAD></HEAD><BODY><P>Hi @mcocat,</P><P></P><P>You can configure SNMP under Objects -&gt; Log Forwarding. </P><P></P><P><IMG alt="snmp_1.JPG" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/16948_snmp_1.JPG" style="height: 306px; width: 620px;" /></P><P></P><P>Then use this log forwarding on all security policy that you want get alerts from. Under Policies - &gt; Security -&gt; Action -&gt; Log Forwarding</P><P></P><P>Hope this helps. Thank you.</P></BODY></HTML> Wed, 19 Nov 2014 15:00:45 GMT ssharma 2014-11-19T15:00:45Z https://live.paloaltonetworks.com/t5/general-topics/snmp-notifications-some-missing/m-p/51602#M37958 <HTML><HEAD></HEAD><BODY><P>I have enabled SNMP notifications on threats greater than or equal to severity "medium". Under monitor &gt; threats I am seeing my alerts, but I only receive (via SNMP) some of the threats that shows up on the PA interface. Here is an example:</P><P></P><P>I am only receiving SNMP alarms on the "SCAN: Host Sweeps", but not the spyware or the virus.</P><P><IMG alt="Screen Shot 2014-11-19 at 8.37.46 AM.png" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/16947_Screen Shot 2014-11-19 at 8.37.46 AM.png" style="height: 124px; width: 620px;" /></P><P></P><P>Is this because of the rule being hit? How can I enable notifications on all of the rules?</P></BODY></HTML> Wed, 19 Nov 2014 14:39:18 GMT https://live.paloaltonetworks.com/t5/general-topics/snmp-notifications-some-missing/m-p/51602#M37958 mcocat 2014-11-19T14:39:18Z https://live.paloaltonetworks.com/t5/general-topics/snmp-notifications-some-missing/m-p/51603#M37959 <HTML><HEAD></HEAD><BODY><P>Hi @mcocat,</P><P></P><P>You can configure SNMP under Objects -&gt; Log Forwarding. </P><P></P><P><IMG alt="snmp_1.JPG" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/16948_snmp_1.JPG" style="height: 306px; width: 620px;" /></P><P></P><P>Then use this log forwarding on all security policy that you want get alerts from. Under Policies - &gt; Security -&gt; Action -&gt; Log Forwarding</P><P></P><P>Hope this helps. Thank you.</P></BODY></HTML> Wed, 19 Nov 2014 15:00:45 GMT https://live.paloaltonetworks.com/t5/general-topics/snmp-notifications-some-missing/m-p/51603#M37959 ssharma 2014-11-19T15:00:45Z https://live.paloaltonetworks.com/t5/general-topics/snmp-notifications-some-missing/m-p/51604#M37960 <HTML><HEAD></HEAD><BODY><P>So for my P_User Rule -Apps Allowed rule, I already have log forwarding enabled.</P><P></P><P><IMG alt="Screen Shot 2014-11-19 at 9.06.05 AM.png" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/16949_Screen Shot 2014-11-19 at 9.06.05 AM.png" style="height: 340px; width: 620px;" /></P><P></P><P>And here is my log forwarding settings:</P><P></P><P><IMG alt="Screen Shot 2014-11-19 at 9.08.15 AM.png" class="image-1 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/16950_Screen Shot 2014-11-19 at 9.08.15 AM.png" style="height: 137px; width: 620px;" /></P></BODY></HTML> Wed, 19 Nov 2014 15:08:54 GMT https://live.paloaltonetworks.com/t5/general-topics/snmp-notifications-some-missing/m-p/51604#M37960 mcocat 2014-11-19T15:08:54Z https://live.paloaltonetworks.com/t5/general-topics/snmp-notifications-some-missing/m-p/51605#M37961 <HTML><HEAD></HEAD><BODY><P>Yes, you are using P-Panorama log forwarding profile, which does not have SNMP enabled on them. You have Panorama rule, which has SNMP but that is not used in your P_User Rule -Apps Allowed rule.</P><P></P><P>So 2 options,</P><P></P><P>1. either use Panorama log forwarding instead of P-Panorama in P_User Rule -Apps Allowed rule</P><P></P><P>2. Or modify P-Panorama rule to include snmp on them</P><P></P><P>Hope this helps. Thank you.</P></BODY></HTML> Wed, 19 Nov 2014 15:13:02 GMT https://live.paloaltonetworks.com/t5/general-topics/snmp-notifications-some-missing/m-p/51605#M37961 ssharma 2014-11-19T15:13:02Z https://live.paloaltonetworks.com/t5/general-topics/snmp-notifications-some-missing/m-p/51606#M37962 <HTML><HEAD></HEAD><BODY><P>That makes sense, I have a commit running now. So the fact that I was receiving alerts for the entries that didn't match a rule would mean that my default isn't configured correctly to use P-Panorama. Where can I change the default? Thanks for your help!</P></BODY></HTML> Wed, 19 Nov 2014 15:21:19 GMT https://live.paloaltonetworks.com/t5/general-topics/snmp-notifications-some-missing/m-p/51606#M37962 mcocat 2014-11-19T15:21:19Z https://live.paloaltonetworks.com/t5/general-topics/snmp-notifications-some-missing/m-p/51607#M37963 <HTML><HEAD></HEAD><BODY><P>You have to change P-Panorama from the Panorama server, which is pushing these configuration. Hope this helps. Thank you.</P></BODY></HTML> Wed, 19 Nov 2014 15:35:27 GMT https://live.paloaltonetworks.com/t5/general-topics/snmp-notifications-some-missing/m-p/51607#M37963 ssharma 2014-11-19T15:35:27Z