This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Email alerts for utilised interfaces and HA status (active/passive)

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Email alerts for utilised interfaces and HA status (active/passive)

Go to solution
mr_almeida
L2 Linker

‎01-20-2020 01:51 AM

Hi Gang,

 

I have a server profile configured but completely unsure, even after some searching around.

 

I'd like to generate email alerts for:

  • Interface - in that their status changes e.g. data-link down, hard down, flapping
    • Are the dedicated HA ports possible to be alerted too
  • Firewall goes into HA where the passive firewall takes over

I know the answer lies somewhere in custom logging, but I have no idea where to start.

We are running Panorama and Firewalls currently on 9.05. 

 

In time, I'd love to integrate it into Webex Teams for messaging alerts, as we have an Alert Bot. This is possible right!?

 

Thank you kindly for taking the time and energy to read and respond! 

 

Daniel

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
BPry
Cyber Elite
Cyber Elite

‎01-21-2020 02:01 PM

@mr_almeida,

@mr_almeida wrote:

I'd like to generate email alerts for:

  • Interface - in that their status changes e.g. data-link down, hard down, flapping
    • Are the dedicated HA ports possible to be alerted too
  • Firewall goes into HA where the passive firewall takes over

So for an HA state-change you would want to do the following; note that you could add (severity geq high) to remove any events where someone actually suspends the firewall manually.

<filter>(eventid eq state-change)</filter>
# Or to filter out suspend actions #
<filter>(eventid eq state-change) and (severity geq high)</filter>

 

For the link changes you would actually want to look for the link-change eventid like so

<filter>(eventid eq link-change)</filter>

View solution in original post

4 REPLIES 4

Go to solution
OtakarKlier
Cyber Elite
Cyber Elite

‎01-21-2020 01:18 PM

Hello,

The configuration is on the Device tab -> Log Settings. There you can build a filter to suite your needs. I personally just have it send me all critical alerts (HA is included in these).

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cln1CAC

 

Regards,

Go to solution
BPry
Cyber Elite
Cyber Elite

‎01-21-2020 02:01 PM

@mr_almeida,

@mr_almeida wrote:

I'd like to generate email alerts for:

  • Interface - in that their status changes e.g. data-link down, hard down, flapping
    • Are the dedicated HA ports possible to be alerted too
  • Firewall goes into HA where the passive firewall takes over

So for an HA state-change you would want to do the following; note that you could add (severity geq high) to remove any events where someone actually suspends the firewall manually.

<filter>(eventid eq state-change)</filter>
# Or to filter out suspend actions #
<filter>(eventid eq state-change) and (severity geq high)</filter>

 

For the link changes you would actually want to look for the link-change eventid like so

<filter>(eventid eq link-change)</filter>

Go to solution
mr_almeida
L2 Linker
In response to BPry

‎01-22-2020 01:19 AM

Thank you @BPry !

 

Exactly what I was looking for!!!

 

Thank you for your time and reply! 

 

0 Likes Likes

Go to solution
mr_almeida
L2 Linker
In response to OtakarKlier

‎01-22-2020 01:21 AM - edited ‎01-22-2020 01:22 AM

@OtakarKlier 

 

I never went deep enough into the menu to see the "view filtered logs". So the video you referred was immensely useful in finally getting the overview of log settings! Looking forwarding to tweaking them to get exactly what I want!!! 

 

Thank you too for your time and response!

 

0 Likes Likes
  • 1 accepted solution
  • 5660 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks