12-27-2012 10:27 AM
Recently we configured ISP failover on two PA500s using PBF for the primary ISP and the virtual router for the backup ISP. We would like to setup some kind of email notification, or alert when this failover occurs. I've looked through the Admin Guide to try to figure out the best solution and the forums and haven't found a solution yet. What would be the best solution for this? Thanks!
12-27-2012 11:09 AM
Hello David, if you have link monitoring and/or path monitoring enabled for use in conjunction with your PBF configuration then the PAN device will generate a system log when a link monitoring or path monitoring event occurs. You can also configure e-mail alerting for events of this nature and the PAN device will send e-mails when a failure is detected. You may find the following articles helpful:
https://live.paloaltonetworks.com/docs/DOC-4117
https://live.paloaltonetworks.com/message/8821#8821
If you have a syslog server then filtering on specific syslog events for notification purposes may be a viable option in your environment as well.
Hope this helps.
12-27-2012 11:09 AM
Hello David, if you have link monitoring and/or path monitoring enabled for use in conjunction with your PBF configuration then the PAN device will generate a system log when a link monitoring or path monitoring event occurs. You can also configure e-mail alerting for events of this nature and the PAN device will send e-mails when a failure is detected. You may find the following articles helpful:
https://live.paloaltonetworks.com/docs/DOC-4117
https://live.paloaltonetworks.com/message/8821#8821
If you have a syslog server then filtering on specific syslog events for notification purposes may be a viable option in your environment as well.
Hope this helps.
12-27-2012 01:16 PM
Thank you for the quick response. So, from the articles posted I understand that I CAN NOT configure an email alert based on the type "PBF" and event "nh-down" (which is what I am understanding is the ISP failover system log), but only on severity "informational". Is that correct? If this is the case, it would be extremely useful to allow for more granular configuration of emailing alerts/logs. Also, is there a way to change certain events to a different severity level? To our organization, an ISP failover is a high severity, maybe even critical.
12-27-2012 01:24 PM
David, your understanding is correct. In additional to this you cannot assign a different severity level to an event. While the level of granularity you require with regards to e-mail alerting does not currently exist this is a feature request you could submit through your Palo Alto systems engineer. Otherwise, alerting on syslog events through a configurable third party syslog utility may be your best option.
08-13-2015 01:20 PM
This post is rather old, but I'm trying to do the same thing. I want to know when we flip to our secondary ISP. We are using 5.0.14 and will be upgrading to 6.1 soon - is there any new info for these images?
Thank you
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
