topic Re: Is it possible to monitor PBF rule status via SNMP? in General Topics

Is it possible to monitor PBF rule status via SNMP?

TomMeadows — Fri, 29 Sep 2017 14:56:25 GMT

Hi-

Is there a way I can get our PA-220 to alert our SNMP monitoring system when a Policy Based Forwarding rule fails/activates?

I've set up SNMP on the firewall, added a device entry in our PRTG monitoring system, and set PRTG to automatically detect the device. It has discovered about 40 sensors, but I can't see any that relates to PBF.

We have a problem with a PBF rule failing, and I would like our monitoring screen to display whether this PBF rule is active or not.

Thanks,

Re: Is it possible to monitor PBF rule status via SNMP?

BPry — Fri, 29 Sep 2017 16:34:53 GMT

@TomMeadows,

I'm fairly certain this is not supported in the MIB.

Re: Is it possible to monitor PBF rule status via SNMP?

TomMeadows — Sat, 30 Sep 2017 22:28:55 GMT

Does anyone know if there is any other way in the Palo Alto world to signal PBF rule status?

Thanks

Re: Is it possible to monitor PBF rule status via SNMP?

jvalentine — Sun, 01 Oct 2017 03:28:26 GMT

I used a combination of two new 8.0 features: filtered log forwarding and http log action. Any time there is a PBF status change, my firewall drops a message in a Slack channel.

Re: Is it possible to monitor PBF rule status via SNMP?

fjwcash — Thu, 05 Oct 2017 23:06:10 GMT

You can access it via the CLI: show pbf rule name <your-PBF-Policy-name>

You can script that using SSH connections with password-less keys. Just run it every X minutes and compare the "Rule State" line between runs.

Unfortunately, it will fill your logs with login/logout entries. 😞

Would be really nice if this could be polled via SNMP, or configured as an SNMP trap, or some other more automated way.