10-23-2020 01:32 AM - edited 10-26-2020 07:37 AM
I want to list alarms that occurs on a VM-50 Firewall and I don't know how to do it. With the ssh CLI, it's possible to list many log types as config, threat, wildfire and alarms. But with the XML API, I can list some logs, threat or config by example (Here the doc) but not alarms. Is it possible ?
If it's not possible, is there a place (in documentation?) where this choice is justified ?
I use a VM-50 firewall with the 10.0.1 version of PAN-OS, and I use the account admin in this case with Superuser role
In others terms, I want to do this request :
curl -k -X GET "https://<firewall-ip>/api/?key=<api-key>&type=log&log-type=alarm"
But it's not possible for now, I got this response:
<response status = 'error' code = '400'><result><msg>Illegal value for parameter "log-type" [alarm]. Should be one of : [auth, config, corr, corr-categ, corr-detail, data, decryption, external, globalprotect, gtp, hipmatch, iptag, sctp, system, threat, traffic, tunnel, url, userid, wildfire].</msg></result></response>
Thank you in advance
10-26-2020 03:48 AM
Based on the response you received from the API, it appears Alarms is not possible to query via API
10-26-2020 07:35 AM
Ok, but why this feature is available through CLI command and not API ? With the default administrator account, I can list alarms through CLI but not with the API. It's a bit weird
Is there an place where this choice is justified ? I ask the question to anyone who is able to answer me
10-26-2020 12:48 PM
Many of the ppl who use these threads are PANW customers as well.
We are a community to assist each other.
As for where a place that this is justified... well, you can open a ticket with TAC to get official support.
However, my comment was based on the response that the FW provided to you.
For whatever reason, PANW engineering did not include an API to query for alarms. Why? I do not know, but I am glad to help you determine what your next steps are.
And I do agree, it is a bit weird; all we can do, is work together as a community.
I do not see the API supports this.
Please contact PANW TAC and advise, so we can grow!
10-27-2020 07:50 AM
Thank you for your answer. My previous answer might sound rough, but it wasn't my intention.
I will contact the technical support for more details on this. I'm building a product that will be able to list events and alarms, so I would like to to it through API. Maybe I can make a shell script to connect through SSH. I will make research on that
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!