https://live.paloaltonetworks.com/t5/general-topics/trap-snmp-for-threat/m-p/12965#M9499 <HTML><HEAD></HEAD><BODY><P>Bruno,<BR />Please confirm the following:</P><P></P><P>Have you configured the Log forwarding settings in Objects tab? If not, you will have to create an entry to have SNMP traps occurs properly.</P><P>Click +Add to create a Log Forwarding Profile.</P><P>In this section, there are 2 sections to be forwarded: Traffic Settings and Threat Settings.</P><P></P><P>Each security policy can specify a log forwarding profile that determines whether traffic and threat log entries are logged remotely with Panorama, and/or sent as SNMP traps, syslog messages, or email notifications. By default, only local logging is performed.</P><P></P><P>Traffic logs record information about each traffic flow, and threat logs record the threats or problems with the network traffic, such as virus or spyware detection. Note that the antivirus, anti-spyware, and vulnerability protection profiles associated with each rule determine which threats are logged (locally or remotely).</P><P></P><P>Under threats, you will notice the Severity levels.&nbsp; You have to configure SNMP(ver 2 or 3) with a SNMP Trap, Email and or Syslog destination. And every option has detailed settings.Please see below information about the Thread log settings.</P><P></P><P><STRONG>Threat Log Settings</STRONG></P><P>The severity levels are: </P><P>• Critical—Very serious attacks detected by the threat security engine. </P><P>• High—Major attacks detected by the threat security engine. </P><P>• Medium—Minor attacks detected by the threat security engine, including URL blocking. </P><P>• Low—Warning-level attacks detected by the threat security engine. </P><P>• Informational—All other events not covered by the other severity levels, including informational attack object matches.</P><P></P><P>I hope this helps answer your question.</P></BODY></HTML> Wed, 25 Jan 2012 16:55:48 GMT jdelio 2012-01-25T16:55:48Z https://live.paloaltonetworks.com/t5/general-topics/trap-snmp-for-threat/m-p/12964#M9498 <HTML><HEAD></HEAD><BODY><P>Hi all,</P><P></P><P>From the mib file named PAN-TRAPS.mib I can see that there are some information about threat objects.</P><P></P><P>Is there anybody who knows how to use this.</P><P></P><P>I have tried to generate some threats but no traps were sent to the manager.</P><P></P><P>Thanks</P><P></P><P>Bruno</P></BODY></HTML> Tue, 17 Jan 2012 11:01:31 GMT https://live.paloaltonetworks.com/t5/general-topics/trap-snmp-for-threat/m-p/12964#M9498 brunoetienne91 2012-01-17T11:01:31Z https://live.paloaltonetworks.com/t5/general-topics/trap-snmp-for-threat/m-p/12965#M9499 <HTML><HEAD></HEAD><BODY><P>Bruno,<BR />Please confirm the following:</P><P></P><P>Have you configured the Log forwarding settings in Objects tab? If not, you will have to create an entry to have SNMP traps occurs properly.</P><P>Click +Add to create a Log Forwarding Profile.</P><P>In this section, there are 2 sections to be forwarded: Traffic Settings and Threat Settings.</P><P></P><P>Each security policy can specify a log forwarding profile that determines whether traffic and threat log entries are logged remotely with Panorama, and/or sent as SNMP traps, syslog messages, or email notifications. By default, only local logging is performed.</P><P></P><P>Traffic logs record information about each traffic flow, and threat logs record the threats or problems with the network traffic, such as virus or spyware detection. Note that the antivirus, anti-spyware, and vulnerability protection profiles associated with each rule determine which threats are logged (locally or remotely).</P><P></P><P>Under threats, you will notice the Severity levels.&nbsp; You have to configure SNMP(ver 2 or 3) with a SNMP Trap, Email and or Syslog destination. And every option has detailed settings.Please see below information about the Thread log settings.</P><P></P><P><STRONG>Threat Log Settings</STRONG></P><P>The severity levels are: </P><P>• Critical—Very serious attacks detected by the threat security engine. </P><P>• High—Major attacks detected by the threat security engine. </P><P>• Medium—Minor attacks detected by the threat security engine, including URL blocking. </P><P>• Low—Warning-level attacks detected by the threat security engine. </P><P>• Informational—All other events not covered by the other severity levels, including informational attack object matches.</P><P></P><P>I hope this helps answer your question.</P></BODY></HTML> Wed, 25 Jan 2012 16:55:48 GMT https://live.paloaltonetworks.com/t5/general-topics/trap-snmp-for-threat/m-p/12965#M9499 jdelio 2012-01-25T16:55:48Z https://live.paloaltonetworks.com/t5/general-topics/trap-snmp-for-threat/m-p/12966#M9500 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>I do have the same problem. After a snmpwalk, I receive about 380 OID's. But the OID's which are provided by Palo Alto, refering to PAN-TRAPS are not available and not shown through snmpwalk.</P><P>How can I get the threat, virus, or any other snmp related trap.?</P></BODY></HTML> Sun, 29 Jan 2012 00:52:29 GMT https://live.paloaltonetworks.com/t5/general-topics/trap-snmp-for-threat/m-p/12966#M9500 bable 2012-01-29T00:52:29Z