Palo Alto Networks firewalls can be configured to send SNMP messages based on the severity associated with the event but not specific events.
Example of Failover System messages:
HA State changes are Informational severity events so, in order for those messages to be sent to the SNMP server, the firewall needs to be configured to forward Informational severity messages.
Note: This does imply that all informational messages will be sent to the SNMP server, not only the failover messages. It will be up to the SNMP server to filter the messages and alert only when an HA state change happened.
To enable SNMP forwarding of Informational messages, Create an SNMP trap server profile and use this SNMP trap server under the system log settings as shown below:
- Create the SNMP Trap Server profile (GUI: Device > Server Profiles > SNMP Trap)
- Configure log settings to use SNMP (GUI: Device > Log Settings > System and click Add to add)
Give a name and use filter builder to select informational setting and subtype of ha. Use the dropdown menu to use the filter builder.
- Click OK and Commit the configuration.
Note: The example provides the "informational" message filter. If HA messsages of severity "high" needs to be captured, one can use the filter builder to change the "informational" severity settings to "High" severity.