Custom Email alerts based on System logs in Panorama 8.x

Reply
Highlighted
L4 Transporter

Custom Email alerts based on System logs in Panorama 8.x

I have configured Scheduled configuratio export for Panorama and all firewalls to an SCP server

This is done via Panorama.

Is there any way to schedule an email alert after evry succesful backup of configuration. Or in case of failed  export of configuration . I can see the SCP export happening through system logs in panorama.

I have filtererd with the SCP/SFTP server IP like below: Is it possible to filter this and create email alert:( custom email Alerts):

backuplogs.png

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
Tags (3)
Community Team Member

Re: Scheduled configuration Export Firewall

Hi @Roby_Sreejith,

 

I haven't checked it myself yet but if there's a log generated then you could use PAN-OS 8.0 filtered log forwarding feature to accomplish this.

 

Hope this helps.

Cheers !

-Kiwi.

L6 Presenter

Re: Scheduled configuration Export Firewall

I'm curious, maybe I don't understand what you're trying to do but Panorama automatically takes a config backup everytime you make a commit change that's attached to panorama.  It stores 100 unqiue configs by default.  (I'm not sure why you'd need a seperate process to export the configs?)

 

PAN_Backups.PNG

L4 Transporter

Re: Scheduled configuration Export Firewall

There is is a problem with this bacakup. It stores in Panorama. I can not extarct this to locally. 

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
L6 Presenter

Re: Scheduled configuration Export Firewall


@Roby_Sreejith wrote:

There is is a problem with this bacakup. It stores in Panorama. I can not extarct this to locally. 


 

I guess I don't understand the requirement.  You need it "locally" and not in Panorama because Panorama has the potential to be inaccessible and if at that same time you have a firewall down and need to restore said firewall relying on Panorama is a failure point?

L4 Transporter

Re: Scheduled configuration Export Firewall

I beleive the backup in panoarama can not be extracted locally.

This stays in Panorama.

I have reqiremt of keeping a local backup copy of each firewall , so I choose an option to export to SCCP/SFTP server .

So I have control in backup procedure.

Now I need alert mechansim of which whethere this exort to SCP/SFTP server is success or not

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
L4 Transporter

Re: Scheduled configuration Export Firewall

I have added some more details in the discussion with detailed pictures. 

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
L4 Transporter

Re: Scheduled configuration Export Firewall

I have added the system logs screenshot in here. Can you tell me how to create custom email alerts for this issue. or is there any guide posted here for custom alerts

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
L4 Transporter

Re: Scheduled configuration Export Firewall


@Roby_Sreejith wrote:

I beleive the backup in panoarama can not be extracted locally.

This stays in Panorama.

I have reqiremt of keeping a local backup copy of each firewall , so I choose an option to export to SCCP/SFTP server .

So I have control in backup procedure.

Now I need alert mechansim of which whethere this exort to SCP/SFTP server is success or not


If it's not possible via Panorama, you can always script something up on the SCP/SFTP server side of things.  The auth log for SSH will show whether a connection occurred.  And you should be able to increase the verbosity of logs for SCP/SFTP connections to show more information on the connections/transfers.

 

You can always monitor the directory the files are being transferred to, and compare dates/times on the files.  And/or the file names, as they are named using the date of the backup.

L4 Transporter

Re: Scheduled configuration Export Firewall

Is it possible to a custom report ands schedule an email in Palo Alto onbnly for succesful /failed SCP SFT backup done from Panorama 

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
Tags (1)
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!