Need help in setting up the email alerts for the Pan firewalls.

Reply
nmsecteam
L0 Member

Need help in setting up the email alerts for the Pan firewalls.

I am trying to setup email alerts when the device goes down or the interface goes down.

To complete this task, I had configured the email server and under the device tab -- log settings-- critical -- I set it to be forwarded to the email server.

Also when configuring the email server profile, under the custom log format, under system I chose the following fields

$severity$module$actionflags$object$time_generated

I am getting the alerts, but none of these alerts have the ip address or any device information. Does any one know, what fields I need to choose to get the device information like the hostname

Ameya-Kawimandan
L5 Sessionator

Two Options:

Prominent option

> Choose the 'Display name' in the Email Server profile to reflect the Hostname/IP address.

Cryptic Option:

>You can choose the 'Serial No' field in the  Custom Log Format "$serial" which is a distinctive identifer for every device.

Regards,

AK

nmsecteam
L0 Member

Ameya,

I dont see the option for "display name/ip address". I only see, the serial no, which for me is not an ideal case scenario.

Praveen

Ameya-Kawimandan
L5 Sessionator

Display name configured in the Email Server Profile which needs to be associated with the Log settings would show up in the "From:" field of the email notifications.

Eg:

Configure Email server profile say Test with Display name =Host name[Device>Server Profile> Email]

Associate this profile with the System Logs -Critical severity  [Device>Log Settings> System >Critical]

You would receive email notifications with the from feild populated with the Host name 

eg.From:Host-ABC  <ak@xyz.com>


Please check the highlighted portion in this snapshot.

EMAIL profile.bmp

Refer https://live.paloaltonetworks.com/docs/DOC-2390

Regards,

Ameya

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!