06-30-2022 01:21 PM - last edited on 06-30-2022 01:48 PM by JayGolf
In Log Forwarding Profile I have URL Filtering/All Logs going to a log collection server.
But for URLs of a phishing category I want those to be emailed. I tried to do this by
creating a second profile match list profile URL Filtering/phishing. But it doesn't
seem to be working. Any advice on how to have some go to email while
most go to log server?
06-30-2022 01:47 PM
Hi @MichaelMedwid ,
You can try creating a new security policy and place it above the "All URL" policy. In this policy you can reference a new URL filtering profile and emailing.
In the current setup, do you have the new profile referenced in a rule that is placed before your "ALL URL" policy? Perhaps the policy is not getting hit. Could you share more details about your config?
06-30-2022 06:28 PM - edited 06-30-2022 06:36 PM
I have log forwarding policy which is referencing log type "url" twice. The first says send all URL filtering logs to a collection server. That works fine. Then the second one is a subset which says send any malware or phishing URL filtering logs to an email distribution list. Then I published. I can see someone his a phishing link but no email ever arrived. (Also on that note is there a way to check if the PAN tried to send an email?) The log forwarding policy is apply to a rule that permit traffic from inside to outside. Most traffic is hitting this policy in this direction.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
