configuration report


L4 Transporter

Has anyone tried to set up a custom report that shows/alerts or lets you know when someone has made a change to the configuration? Or do you have your own home-grown method that you use to audit configuration changes?

13 REPLIES 13

Cyber Elite

Hello,

While I'm not sure of any reports, you can set up email alerts when changes are made; this can become rather chatty. We perform monthly audits and I use the config audit tool. Just select the days and let it run, then export to Excel and add my notes.

 

image.png

 

Hope that helps.

 

Regards,

L4 Transporter

The 'canned reports' are on Traffic...Threat...URL....NOT Configuration or System.

Also, it is not a choice in the custom reports (Database).

However, you could view the configuration logs and build (save) a filter that would look for config changes, i.e. Set, Edit, Commit: single or a combination of search parameters.

After saving it you can re-run it periodically and even export to .csv.

@OtakarKlier

What OS are you using? I am using 7.1.13 and I do not see the configuration option that you are showing here.

 

loggsetting.PNG

We are on the 8 track already. I know it's an option in 7 as well; I think you just have to email alert all high and critical events? But I could be wrong on that one.

@OtakarKlier - the log forward settings you mentioned are present and correct, but they are for traffic...threat...tunnel...etc.

Still doesn't show configuration.

Cyber Elite

@jdprovine

It's actually going to be an option within the Log Settings for Configuration.

 

Capture.PNG

@BPry

 

I went to device\log setting\system  and don't see the screen you are showing

@jdprovine,

Can you send a screenshot of what you are seeing?

@BPry

 

I hope this is enough to tell.

loggsetting.PNG

@jdprovine,

Okay, I thought 7.1.x had the configuration option...guess not. You can still set up an email alert for High and Critical events for System alerts. A config edit will register as the following:

Type: general

Severity: high

Event: general

Description: Commit job succeeded for user bpry.

 

Since you are running 7.1.x you won't have the option to specify a filter, so you'll need to at least generate an email for any System level event with a 'high' severity rating. I would recommend getting emails on Critical severity events while you are at it. 
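An added example (not part of the original thread, and not Palo Alto Networks code): a sketch that takes System log entries in the field layout quoted above and keeps only the successful-commit entries, so a feed of every high-severity event can be reduced to who committed. The blank-line separated text layout, the sample entries, and the `expected_admins` set are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Description text as quoted in the thread; only the user name varies.
COMMIT_RE = re.compile(r"^Commit job succeeded for user (?P<user>\S+?)\.?$")

# Constructed sample entries using the four fields shown in the post above.
SAMPLE_LOG = """\
Type: general
Severity: high
Event: general
Description: Commit job succeeded for user bpry.

Type: general
Severity: high
Event: general
Description: (constructed) some other high-severity system event

Type: general
Severity: high
Event: general
Description: Commit job succeeded for user tempadmin.
"""

def parse_records(text):
    """Split blank-line separated 'Key: value' blocks into dicts (keys lowercased)."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        records.append({k.strip().lower(): v.strip() for k, sep, v in pairs if sep})
    return records

def commit_users(records):
    """Users from high-severity records whose description is a successful commit."""
    hits = (COMMIT_RE.match(r.get("description", "")) for r in records
            if r.get("severity", "").lower() == "high")
    return [m.group("user") for m in hits if m]

def audit(text, expected_admins):
    """Count commits per user and list committers outside the expected set."""
    counts = Counter(commit_users(parse_records(text)))
    unexpected = sorted(u for u in counts if u not in expected_admins)
    return dict(counts), unexpected

if __name__ == "__main__":
    # expected_admins is a hypothetical allowlist of accounts that normally commit.
    print(audit(SAMPLE_LOG, expected_admins={"bpry"}))
```
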

Hello jprovine,

 

Are you using a super admin account to log in to the GUI? Maybe you're using an account with an admin role which doesn't display the configuration part of the menu...

You should be able to use it, even in 7.1: https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/device/device-log-settin...

 

@khuynh, I was pretty sure you could. Like I said I don't have any boxes to test it with anymore though. 

 

@jdprovine,

The System one would work fine, but I did just look back at my old config files and there is definitely a section of the configuration that would correspond with the configuration part being present in 7.1.x.

@khuynh

 

I am a superuser and my OS is 7.1.13 
