Custom Email alerts based on System logs in Panorama 8.x


L4 Transporter

I have configured scheduled configuration export for Panorama and all firewalls to an SCP server

This is done via Panorama.

Is there any way to schedule an email alert after every successful backup of configuration, or in case of a failed export of configuration? I can see the SCP export happening through system logs in Panorama.

I have filtered with the SCP/SFTP server IP like below. Is it possible to filter this and create an email alert (custom email alerts)?

backuplogs.png

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com

Accepted Solutions

Community Team Member

@Roby_Sreejith,

 

For forwarding filtered System Logs :

 

Device tab (or Panorama tab on Panorama) > Log Settings > System (+Add) > Filter Builder :

 

2018-04-12_13-31-09.jpg

 

Cheers !

-Kiwi.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !


16 REPLIES

Community Team Member

Hi @Roby_Sreejith,

 

I haven't checked it myself yet but if there's a log generated then you could use PAN-OS 8.0 filtered log forwarding feature to accomplish this.

 

Hope this helps.

Cheers !

-Kiwi.

LIVEcommunity team member, CISSP
Cheers,
Kiwi

I'm curious, maybe I don't understand what you're trying to do, but Panorama automatically takes a config backup every time you make a commit change that's attached to Panorama. It stores 100 unique configs by default. (I'm not sure why you'd need a separate process to export the configs?)

 

PAN_Backups.PNG

There is a problem with this backup. It stores in Panorama. I cannot extract this locally.

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com


@Roby_Sreejith wrote:

There is a problem with this backup. It stores in Panorama. I cannot extract this locally.


 

I guess I don't understand the requirement.  You need it "locally" and not in Panorama because Panorama has the potential to be inaccessible and if at that same time you have a firewall down and need to restore said firewall relying on Panorama is a failure point?

I believe the backup in Panorama cannot be extracted locally.

This stays in Panorama.

I have a requirement of keeping a local backup copy of each firewall, so I chose the option to export to an SCP/SFTP server.

So I have control over the backup procedure.

Now I need an alert mechanism for whether this export to the SCP/SFTP server is a success or not.

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com

I have added some more details in the discussion with detailed pictures. 

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com

I have added the system logs screenshot here. Can you tell me how to create custom email alerts for this issue? Or is there any guide posted here for custom alerts?

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com


@Roby_Sreejith wrote:

I believe the backup in Panorama cannot be extracted locally.

This stays in Panorama.

I have a requirement of keeping a local backup copy of each firewall, so I chose the option to export to an SCP/SFTP server.

So I have control over the backup procedure.

Now I need an alert mechanism for whether this export to the SCP/SFTP server is a success or not.


If it's not possible via Panorama, you can always script something up on the SCP/SFTP server side of things.  The auth log for SSH will show whether a connection occurred.  And you should be able to increase the verbosity of logs for SCP/SFTP connections to show more information on the connections/transfers.

 

You can always monitor the directory the files are being transferred to, and compare dates/times on the files.  And/or the file names, as they are named using the date of the backup.
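The server-side check suggested in the reply above, sketched as an added example that is not part of the original thread or any poster's own script: it looks for Panorama's SSH login in the auth log and verifies that the newest file in the backup directory is recent and non-empty, then builds a status mail. The directory path, the `panbackup` account, the 192.0.2.10 address, the 26-hour window (a daily export is assumed) and the mail addresses are all assumptions.

```python
import glob
import os
import re
import time
from email.message import EmailMessage

# OpenSSH logs a successful login as "Accepted <method> for <user> from <ip> port <n> ssh2".
ACCEPTED = re.compile(r"Accepted \S+ for (\S+) from (\S+) port \d+")

def ssh_logins_from(auth_lines, source_ip):
    """Return the users that logged in successfully from source_ip."""
    hits = (ACCEPTED.search(line) for line in auth_lines)
    return [m.group(1) for m in hits if m and m.group(2) == source_ip]

def check_backup_dir(directory, pattern="*", max_age_s=26 * 3600, now=None):
    """Return (ok, reason) for the newest file matching pattern in directory."""
    now = time.time() if now is None else now
    files = [f for f in glob.glob(os.path.join(directory, pattern)) if os.path.isfile(f)]
    if not files:
        return False, "no backup files found"
    newest = max(files, key=os.path.getmtime)
    age = now - os.path.getmtime(newest)
    name = os.path.basename(newest)
    if os.path.getsize(newest) == 0:
        return False, f"{name} is empty (transfer probably failed)"
    if age > max_age_s:
        return False, f"newest file {name} is {age / 3600:.1f} h old"
    return True, f"{name} received {age / 3600:.1f} h ago"

def build_alert(ok, reason, sender, recipient):
    """Build the status mail; send it with smtplib.SMTP(host).send_message(msg)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = "Panorama config export " + ("OK" if ok else "FAILED")
    msg.set_content(reason)
    return msg

if __name__ == "__main__":
    # Constructed sample auth-log lines; 192.0.2.10 stands in for Panorama.
    sample = [
        "Apr 12 02:00:01 scp1 sshd[811]: Accepted password for panbackup from 192.0.2.10 port 40122 ssh2",
        "Apr 12 02:05:44 scp1 sshd[902]: Failed password for root from 198.51.100.7 port 50211 ssh2",
    ]
    print(ssh_logins_from(sample, "192.0.2.10"))
    ok, reason = check_backup_dir("/srv/backups/panorama")  # hypothetical path
    print(build_alert(ok, reason, "backup@example.com", "netops@example.com"))
```

Run from cron shortly after the scheduled export time, this reports a missing, stale or zero-byte export even when Panorama itself cannot send the alert.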

Is it possible to create a custom report and schedule an email in Palo Alto only for successful/failed SCP/SFTP backups done from Panorama?

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com

L1 Bithead

Yes, this is possible using HTTP server profiles and an external service called Mailgun. I do it for commits.

Can you help with which document to refer to for this?

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com

L4 Transporter

Any idea how to configure an email alert for this?

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com

Here is something that should help, I will keep it up till EOY. 

 

Tom

 

https://www.dropbox.com/s/18yo3d0k3qbxq8a/Mail-forwarding.pdf?dl=0

 

 

@kiwi I have checked and could not find this feature for filtering System logs. Have you tried this to filter system logs for a specific pattern to create email alerts?

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com