- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
12-05-2017 11:46 AM
has anyone tried to set up a custome report that shows/alert or lets you know when someone has made a change to the configuration? Or if you have your own home grown method that you use to audit configuration changes.
12-05-2017 02:33 PM
Hello,
While I'm not sure of any reports, however you can setup email alerts when changes are made, this can become rather chatty. We perform monthly audits and I use the config audit tool. just select the days and let it run then export to excel and add my notes.
Hope that helps.
Regards,
12-06-2017 12:11 AM
the 'Canned reports' are on Traffic...Threat...URL....NOT Configuration or system
also it is not a choice in the custom reports (Database)
however - you could view the configuration logs and build(save) a filter that would
look for Config changes...ie Set, Edit, Commit -- single or combination of search parameters
after saving it you can re-run it periodically and even export to .csv
12-06-2017 06:15 AM
what OS are you using? I am using 7.1.13 and I do not see the configuration option that you are showing here
12-06-2017 06:18 AM
We are on the 8 track already. I know its an option in 7 as well, I think you just have to email alert all high and critical events? But I could be wrong on that one.
12-06-2017 09:29 AM
@OtakarKlier - the log forward setting you mentioned are present and correct ....
but they are for traffic ...threat....tunnel...etc
still doesnt show configuration
12-06-2017 11:00 AM - edited 12-06-2017 12:18 PM
12-06-2017 12:16 PM
Can you send a screenshot of what you are seeing.
12-06-2017 01:04 PM
Okay, I thought 7.1.x had the configuration option...guess not. You can still setup a Email alert for High and Critical events for System alerts. A config edit will register as the following
Type: general
Severity: high
Event: general
Description: Commit job succeeded for user bpry.
Since you are running 7.1.x you won't have the option to specify a filter, so you'll need to at least generate an email for any System level event with a 'high' severity rating. I would recommend getting emails on Critical severity events while you are at it.
12-06-2017 01:39 PM - edited 12-06-2017 01:41 PM
Hello jprovine,
Are you using a super admin account to log in to the GUI ? Maybe you're using a account with an admin role which doesnt display the configuration part of the menu...
You should be able to use it, even in 7.1: https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/device/device-log-settin...
12-06-2017 02:20 PM
@khuynh, I was pretty sure you could. Like I said I don't have any boxes to test it with anymore though.
The System one would work fine, but I did just look back at my old config files and there is indefinitely a section of the configuration that would corispond with the configuration part being present in 7.1.x
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!