topic Activate logging in General Topics

Activate logging

s_quasar — Mon, 07 Aug 2017 14:17:40 GMT

Hi,
I can't view in my Kiwi Syslog the traffic from my outside interface.
In my PA-500 I've enabled SNMP in Device -> Management ->Management Interface Settings -> Permitted SNMP Service.
In Operations -> SNMP Setup -> activeted Use Event-Specific Trap Definitions with Version V2c and SNMP community string.
Under Device -> Server Profiles -> Syslog, I activated Name, IP Syslog Server, Trasport UDP, Port 514, Format BSD and Facility LOG_USER.
In Device -> Server Profiles -> SNMP Trap, I activated SNMP Manager IP and Community with Version V2c.
In Policies -> Security, I actived the log forwarding profile in many rules.

Is there someone that can help me?

Re: Activate logging

BPry — Mon, 07 Aug 2017 16:06:20 GMT

I would perform a PCAP or a wireshark on your Kiwi server and see if you can tell exactly what's happening. WIthout actually seeing your configuration or knowing how your Kiwi server is setup it's pretty hard to see if something this misconfigured.

Re: Activate logging

s_quasar — Thu, 31 Aug 2017 14:07:43 GMT

I've installed a MIBs software to walk into it.

I contacted the IP that I found in Device -> Management -> Managemente interface settings. The SNMP service and community string are activated.

When I try to contact the IP fro MIBs informations, in monitor I find from my zone SERVER that I've contacted OUTSIDE zone for the IP 192.168.1.1 that is different from my console IP management that is 10.254.1.1. But why outside zone? Here there are only public IPs. I'm confusing.

Re: Activate logging

s_quasar — Wed, 20 Sep 2017 15:50:03 GMT

Is there someone that can help me?

Re: Activate logging

BPry — Wed, 20 Sep 2017 15:58:09 GMT

@s_quasar,

Can you include a screenshot of what you are seeing from your end.

Re: Activate logging

pulukas — Thu, 21 Sep 2017 21:03:46 GMT

I'm not sure, but I think you are saying that the snmp configuration is being sourced from the outside interface instead of the dedicated management port.

Check to see if your PA has a service route configured that overrides the default sourcing of this managment traffic and puts it on the configured port needed for the the route. This setting is located here.

Device > Setup > Services

Service route

Re: Activate logging

s_quasar — Tue, 17 Oct 2017 12:33:51 GMT

Hi,

I've controlled and I have the service SNMP trap in default mode. This is the only service with SNMP name inside.

The strange thing is the IP 192.168.1.1 in management that is a private IP. In the gateaway I have a public IP. This is a configuration from the company that has installed the firewall. Can I reach that private IP? Do I need to have a specific configuration in the firewall rules?

Re: Activate logging

pulukas — Mon, 23 Oct 2017 12:36:05 GMT

I'm having trouble following exactly what the configuration is. Note that the snmp traps with your outline in the first post will be sourced from the mgmt interface address towards the configured syslog kiwi server.

Check that the route and path from mgmt interface to kiwi is up and working.

Check that security policies along this path permit the traps from the mgmt interface address source to the destination address of the kiwi server.