Alert when user goes online

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Alert when user goes online

L1 Bithead

Ladies and gentlemen,

 

 I have a use-case where some sales people etc, don't show up online for a long time and it's hard for me do remote maintenance or troubleshooting on thier PCs.. eg.. broken Windows Updates.

 

Is there a way I can automatigically quiery PAN FW log and alert me when the user finally pops up online?

1 accepted solution

Accepted Solutions

L7 Applicator

Hi @NileG

 

Of course you could write your own little application or script to parse the logs and send you an alert when there are logs from that user.

But with PAN-OS 8 there is an easier way: Log forwarding profile (match list)

This way you could create a filter that matches logs from that specific user or maybe even better the User-ID logs and then send the matching logs by email as soon as the filter matches logs from that user.

View solution in original post

3 REPLIES 3

L7 Applicator

Hi @NileG

 

Of course you could write your own little application or script to parse the logs and send you an alert when there are logs from that user.

But with PAN-OS 8 there is an easier way: Log forwarding profile (match list)

This way you could create a filter that matches logs from that specific user or maybe even better the User-ID logs and then send the matching logs by email as soon as the filter matches logs from that user.

when you say little app or script to parse the logs... how do you envision this solution to work? Is there a way to access logs via the API and detect there are items getting returned?

Yes, with the API you have the ability to query logs. So to achieve your goal with the API you could do something like a sceduled task/cron job to run for example every 15 minutes. So every 15 minutes you run a log API query to search the last 15 minutes for log entries of your user. And if the query returns something, let the script do whatever you want (send email, sms, whatsup message) to inform you that the user is online.

  • 1 accepted solution
  • 2870 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!