11-11-2014 01:31 PM
I have my Palo Alto set up to send emails out on critical alerts. If someone tries attacking an outside IP I will get 60 alerts sometimes all in a row. Is there any way to get the email alert just once that the outside IP was hit 60 times as opposed to getting 60 email alerts?
Thanks
11-11-2014 01:37 PM
Hi aguley,
With the current feature set, if you configure the device to send you critical alerts, it will send you a critical alert each time one is generated. In your case, 60 times or more in a row. There is a feature request filed for your requirement of selective alerts. You can contact your local sales / system engineer to pursue the feature request. He will be glad to file it on your behalf. Hope this helps. Thank you.
11-11-2014 01:40 PM
Hello aguley,
I am not sure if this will suppress system logs or not (works with threat logs), but you may try this command:
> set system setting logging log-suppression yes
Thanks
11-11-2014 01:44 PM
Hulk,
Thanks. I think this is exactly what I am looking for. I Googled the command you sent and here is a PA article: