Ladies and gentlemen,
I have a use-case where some sales people etc, don't show up online for a long time and it's hard for me do remote maintenance or troubleshooting on thier PCs.. eg.. broken Windows Updates.
Is there a way I can automatigically quiery PAN FW log and alert me when the user finally pops up online?
Solved! Go to Solution.
Of course you could write your own little application or script to parse the logs and send you an alert when there are logs from that user.
But with PAN-OS 8 there is an easier way: Log forwarding profile (match list)
This way you could create a filter that matches logs from that specific user or maybe even better the User-ID logs and then send the matching logs by email as soon as the filter matches logs from that user.
when you say little app or script to parse the logs... how do you envision this solution to work? Is there a way to access logs via the API and detect there are items getting returned?
Yes, with the API you have the ability to query logs. So to achieve your goal with the API you could do something like a sceduled task/cron job to run for example every 15 minutes. So every 15 minutes you run a log API query to search the last 15 minutes for log entries of your user. And if the query returns something, let the script do whatever you want (send email, sms, whatsup message) to inform you that the user is online.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!