This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Custom Email alerts based on System logs in Panorama 8.x

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Custom Email alerts based on System logs in Panorama 8.x

Go to solution
Roby_Sreejith
L4 Transporter

‎11-20-2017 07:16 AM - edited ‎12-06-2017 05:20 AM

I have configured Scheduled configuratio export for Panorama and all firewalls to an SCP server

This is done via Panorama.

Is there any way to schedule an email alert after evry succesful backup of configuration. Or in case of failed  export of configuration . I can see the SCP export happening through system logs in panorama.

I have filtererd with the SCP/SFTP server IP like below: Is it possible to filter this and create email alert:( custom email Alerts):

backuplogs.png

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
kiwi
Community Team Member
In response to Roby_Sreejith

‎04-12-2018 04:35 AM

@Roby_Sreejith,

 

For forwarding filtered System Logs :

 

Device tab (or Panorama tab on Panorama) > Log Settings > System (+Add) > Filter Builder :

 

2018-04-12_13-31-09.jpg

 

Cheers !

-Kiwi.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

View solution in original post

0 Likes Likes
16 REPLIES 16

Go to solution
kiwi
Community Team Member

‎11-21-2017 01:52 AM

Hi @Roby_Sreejith,

 

I haven't checked it myself yet but if there's a log generated then you could use PAN-OS 8.0 filtered log forwarding feature to accomplish this.

 

Hope this helps.

Cheers !

-Kiwi.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
0 Likes Likes

Go to solution
Brandon_Wertz
L6 Presenter
In response to kiwi

‎11-21-2017 05:57 AM

I'm curious, maybe I don't understand what you're trying to do but Panorama automatically takes a config backup everytime you make a commit change that's attached to panorama.  It stores 100 unqiue configs by default.  (I'm not sure why you'd need a seperate process to export the configs?)

 

PAN_Backups.PNG

0 Likes Likes

Go to solution
Roby_Sreejith
L4 Transporter
In response to Brandon_Wertz

‎11-28-2017 01:50 AM

There is is a problem with this bacakup. It stores in Panorama. I can not extarct this to locally. 

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
0 Likes Likes

Go to solution
Brandon_Wertz
L6 Presenter
In response to Roby_Sreejith

‎11-28-2017 05:27 AM

@Roby_Sreejith wrote:

There is is a problem with this bacakup. It stores in Panorama. I can not extarct this to locally. 

 

I guess I don't understand the requirement.  You need it "locally" and not in Panorama because Panorama has the potential to be inaccessible and if at that same time you have a firewall down and need to restore said firewall relying on Panorama is a failure point?

0 Likes Likes

Go to solution
Roby_Sreejith
L4 Transporter
In response to Brandon_Wertz

‎12-06-2017 12:39 AM

I beleive the backup in panoarama can not be extracted locally.

This stays in Panorama.

I have reqiremt of keeping a local backup copy of each firewall , so I choose an option to export to SCCP/SFTP server .

So I have control in backup procedure.

Now I need alert mechansim of which whethere this exort to SCP/SFTP server is success or not

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
0 Likes Likes

Go to solution
Roby_Sreejith
L4 Transporter
In response to Roby_Sreejith

‎12-06-2017 05:28 AM

I have added some more details in the discussion with detailed pictures. 

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
0 Likes Likes

Go to solution
Roby_Sreejith
L4 Transporter
In response to kiwi

‎12-06-2017 05:30 AM

I have added the system logs screenshot in here. Can you tell me how to create custom email alerts for this issue. or is there any guide posted here for custom alerts

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
0 Likes Likes

Go to solution
fjwcash
L4 Transporter
In response to Roby_Sreejith

‎12-06-2017 12:40 PM

@Roby_Sreejith wrote:

I beleive the backup in panoarama can not be extracted locally.

This stays in Panorama.

I have reqiremt of keeping a local backup copy of each firewall , so I choose an option to export to SCCP/SFTP server .

So I have control in backup procedure.

Now I need alert mechansim of which whethere this exort to SCP/SFTP server is success or not

If it's not possible via Panorama, you can always script something up on the SCP/SFTP server side of things.  The auth log for SSH will show whether a connection occurred.  And you should be able to increase the verbosity of logs for SCP/SFTP connections to show more information on the connections/transfers.

 

You can always monitor the directory the files are being transferred to, and compare dates/times on the files.  And/or the file names, as they are named using the date of the backup.

0 Likes Likes

Go to solution
Roby_Sreejith
L4 Transporter
In response to fjwcash

‎12-14-2017 02:05 AM

Is it possible to a custom report ands schedule an email in Palo Alto onbnly for succesful /failed SCP SFT backup done from Panorama 

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
0 Likes Likes

Go to solution
T-Squared
L1 Bithead

‎12-14-2017 01:13 PM

Yes this is possible using http server profiles and an external service called mailgun, I do it for commits.

0 Likes Likes

Go to solution
Roby_Sreejith
L4 Transporter
In response to T-Squared

‎12-14-2017 10:36 PM

Can you help which document to refer for this

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
0 Likes Likes

Go to solution
Roby_Sreejith
L4 Transporter

‎12-18-2017 10:21 PM

any idea to configure email alert for this

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
0 Likes Likes

Go to solution
T-Squared
L1 Bithead
In response to Roby_Sreejith

‎12-19-2017 01:58 PM

Here is something that should help, I will keep it up till EOY. 

 

Tom

 

https://www.dropbox.com/s/18yo3d0k3qbxq8a/Mail-forwarding.pdf?dl=0

 

 

0 Likes Likes

Go to solution
Roby_Sreejith
L4 Transporter
In response to kiwi

‎04-12-2018 02:05 AM

@kiwi I have checked and could not find this feature for filtering System logs, Have you tried this to filter system logs for specific pattern to crerate email alerts

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
0 Likes Likes
  • 1 accepted solution
  • 9924 Views
  • 16 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks