Activate logging


L3 Networker

Hi,
I can't view the traffic from my outside interface in my Kiwi Syslog.
In my PA-500 I've enabled SNMP in Device -> Management -> Management Interface Settings -> Permitted SNMP Service.
In Operations -> SNMP Setup, I activated Use Event-Specific Trap Definitions with Version V2c and SNMP community string.
Under Device -> Server Profiles -> Syslog, I activated Name, IP Syslog Server, Transport UDP, Port 514, Format BSD and Facility LOG_USER.
In Device -> Server Profiles -> SNMP Trap, I activated SNMP Manager IP and Community with Version V2c.
In Policies -> Security, I activated the log forwarding profile in many rules.

Is there someone that can help me?

7 REPLIES

Cyber Elite

I would perform a PCAP or a Wireshark capture on your Kiwi server and see if you can tell exactly what's happening. Without actually seeing your configuration or knowing how your Kiwi server is set up, it's pretty hard to see if something is misconfigured.

 

I've installed a MIBs software to walk into it.

I contacted the IP that I found in Device -> Management -> Management Interface Settings. The SNMP service and community string are activated.

When I try to contact the IP for MIB information, in the monitor I find that from my zone SERVER I've contacted the OUTSIDE zone for the IP 192.168.1.1, which is different from my console management IP, which is 10.254.1.1. But why the outside zone? There are only public IPs here. I'm confused.

Is there someone that can help me?

@s_quasar,

Can you include a screenshot of what you are seeing from your end?

I'm not sure, but I think you are saying that the snmp configuration is being sourced from the outside interface instead of the dedicated management port.

 

Check to see if your PA has a service route configured that overrides the default sourcing of this management traffic and puts it on the configured port needed for the route. This setting is located here.

 

Device > Setup > Services

Service route

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Hi,

I've checked and I have the service SNMP trap in default mode. This is the only service with SNMP in its name.

The strange thing is the IP 192.168.1.1 in management, which is a private IP. In the gateway I have a public IP. This is a configuration from the company that installed the firewall. Can I reach that private IP? Do I need to have a specific configuration in the firewall rules?

I'm having trouble following exactly what the configuration is. Note that the SNMP traps with your outline in the first post will be sourced from the mgmt interface address towards the configured syslog Kiwi server.

 

Check that the route and path from mgmt interface to kiwi is up and working.

 

Check that security policies along this path permit the traps from the mgmt interface address source to the destination address of the kiwi server.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
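
The checks suggested in the replies (capture on the Kiwi host, confirm which source address the firewall uses) can be done with a small UDP listener. This is an added example, not part of the thread or any poster's configuration: it decodes the BSD-syslog priority field and compares the sender with the address you expect. The two IP addresses are the ones mentioned in the thread and are used only as placeholders; the sample datagrams are constructed.

```python
import re
import socket

FACILITY_USER = 1  # LOG_USER, the facility selected in the syslog server profile
PRI_RE = re.compile(rb"^<(\d{1,3})>")  # BSD syslog (RFC 3164) starts with <PRI>

def parse_pri(datagram: bytes):
    """Return (facility, severity) from a BSD-syslog datagram, or None."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # 23 facilities * 8 + 7 is the maximum
        return None
    pri = int(m.group(1))
    return pri >> 3, pri & 7

def classify(src_ip: str, datagram: bytes, expected_src: str) -> str:
    """Describe one datagram relative to what the firewall should be sending."""
    parsed = parse_pri(datagram)
    if parsed is None:
        return "not-syslog"            # e.g. an SNMP trap sent to the wrong port
    if src_ip != expected_src:
        return "unexpected-source"     # a service route or NAT changed the source
    if parsed[0] != FACILITY_USER:
        return "unexpected-facility"   # profile facility differs from LOG_USER
    return "ok"

def listen(expected_src: str, bind_ip="0.0.0.0", port=514, count=10):
    """Print source, verdict and first bytes of the next `count` datagrams."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind_ip, port))
        for _ in range(count):
            data, (ip, _) = s.recvfrom(65535)
            print(ip, classify(ip, data, expected_src), data[:80])

# Constructed sample datagrams (not captured from a real device).
SAMPLES = [
    ("10.254.1.1", b"<14>Jan  1 00:00:00 fw01 constructed traffic log line"),
    ("192.168.1.1", b"<14>Jan  1 00:00:00 fw01 constructed traffic log line"),
    ("10.254.1.1", b"<134>Jan  1 00:00:00 fw01 constructed line, facility local0"),
    ("10.254.1.1", b"\x30\x82 constructed non-syslog bytes"),
]

def run_samples(expected_src="10.254.1.1"):
    """Classify the constructed samples against an assumed expected source."""
    return [classify(ip, data, expected_src) for ip, data in SAMPLES]

if __name__ == "__main__":
    print(run_samples())
```

To use `listen()` on the syslog host, stop the Kiwi service first so that UDP port 514 is free. If nothing is printed at all, the datagrams are not reaching the host, which points to routing or a security policy along the path.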