This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

configuration report

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

configuration report

jdprovine
L4 Transporter

‎12-05-2017 11:46 AM

has anyone tried to set up a custome report that shows/alert or lets you know when someone has made a change to the configuration?  Or if you have your own home grown method that you use to audit configuration changes.

0 Likes Likes
13 REPLIES 13

OtakarKlier
Cyber Elite
Cyber Elite

‎12-05-2017 02:33 PM

Hello,

While I'm not sure of any reports, however you can setup email alerts when changes are made, this can become rather chatty. We perform monthly audits and I use the config audit tool. just select the days and let it run then export to excel and add my notes. 

 

image.png

 

Hope that helps.

 

Regards,

DarinSutton
L4 Transporter

‎12-06-2017 12:11 AM

the 'Canned  reports' are on Traffic...Threat...URL....NOT Configuration or system

also it is not a choice in the custom reports (Database)

 

however - you could view the configuration logs and build(save) a filter that would 

look for Config changes...ie Set, Edit, Commit -- single or combination of search parameters

 

after saving it you can re-run it periodically and even export to .csv

jdprovine
L4 Transporter
In response to OtakarKlier

‎12-06-2017 06:15 AM

@OtakarKlier

 

what OS are you using? I am using 7.1.13 and I do not see the configuration option that you are showing here

 

loggsetting.PNG

0 Likes Likes

OtakarKlier
Cyber Elite
Cyber Elite
In response to jdprovine

‎12-06-2017 06:18 AM

We are on the 8 track already. I know its an option in 7 as well, I think you just have to email alert all high and critical events? But I could be wrong on that one.

0 Likes Likes

DarinSutton
L4 Transporter
In response to OtakarKlier

‎12-06-2017 09:29 AM

@OtakarKlier - the log forward setting you mentioned are present and correct ....

 

but they are for traffic ...threat....tunnel...etc

 

still doesnt show configuration 

0 Likes Likes

BPry
Cyber Elite
Cyber Elite

‎12-06-2017 11:00 AM - edited ‎12-06-2017 12:18 PM

@jdprovine

It's actually going to be an option within the Log Settings for Confiugration. 

 

Capture.PNG

jdprovine
L4 Transporter
In response to BPry

‎12-06-2017 11:36 AM

@BPry

 

I went to device\log setting\system  and don't see the screen you are showing

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to jdprovine

‎12-06-2017 12:16 PM

@jdprovine,

Can you send a screenshot of what you are seeing. 

0 Likes Likes

jdprovine
L4 Transporter
In response to BPry

‎12-06-2017 12:47 PM

@BPry

 

I hope this is enought to tellloggsetting.PNG

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to jdprovine

‎12-06-2017 01:04 PM

@jdprovine,

Okay, I thought 7.1.x had the configuration option...guess not. You can still setup a Email alert for High and Critical events for System alerts. A config edit will register as the following

Type: general

Severity: high

Event: general

Description: Commit job succeeded for user bpry.

 

Since you are running 7.1.x you won't have the option to specify a filter, so you'll need to at least generate an email for any System level event with a 'high' severity rating. I would recommend getting emails on Critical severity events while you are at it. 

0 Likes Likes

khuynh
L2 Linker
In response to jdprovine

‎12-06-2017 01:39 PM - edited ‎12-06-2017 01:41 PM

Hello jprovine,

 

Are you using a super admin account to log in to the GUI ? Maybe you're using a account with an admin role which doesnt display the configuration part of the menu...

You should be able to use it, even in 7.1: https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/device/device-log-settin...

 

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to khuynh

‎12-06-2017 02:20 PM

@khuynh, I was pretty sure you could. Like I said I don't have any boxes to test it with anymore though. 

 

@jdprovine,

The System one would work fine, but I did just look back at my old config files and there is indefinitely a section of the configuration that would corispond with the configuration part being present in 7.1.x 

jdprovine
L4 Transporter
In response to khuynh

‎12-07-2017 05:25 AM

@khuynh

 

I am a superuser and my OS is 7.1.13 

0 Likes Likes
  • 5947 Views
  • 13 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks