02-17-2021 03:54 AM
Hello,
We use centreon as monitoring tool and I get the next alert from palo alto devices
PALO ALTO NETWORKS CONTENT VALIDATION CHECK SKIPPED BY USER 'CENTREON USER' FOR [CONTENT VERSION]"
I found the next documentation about this
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNs4CAG
but I have some doubt about this check.
Firsly when say "If the update server reports that the content update has been revoked then the validation fails." someone know if in system log we see some message telling us if this happened? and if yes what message we will get?
After read the article I understood that the check validation check skipped log is triggered when in this case centreon do the check now, to inform it's not necessary to do it again. if the check now is done by the panorama user we will see the same log with the panorama user instead of the centreon user, this is correct?
thank you very much in advance for your help!!! 🙂
02-17-2021 04:31 AM
Good Morning
The content validation is merely to confirm whether a Content Update is ideal or not for use in the FW. Sometimes PANW has sent out multiple versions of a content package (prior to 8.1), and now, the FWs can validate if what they are scheduled to download is a "good copy". I do not believe I have seen an warning message in any log that states that the content package was revoked or failed. The FW would simply not down that package. Why would that be important? I value your opinion.... 😛
From my perspective, as long as the FW is downloading acceptable content updates, it would seem redundant to even know that a invalidated package was not downloaded. I have checked my system logs on both 9.1 and 10 FWs and I am not able to see an invalidate content or revoked content message. This is why I make my statement.
I think the purpose of the article is to let you know, that the Panorama will do the check and tell the FW to NOT validate, as the mgmt appliance has already done that.
Thanks.
02-18-2021 11:11 PM
Hello,
thank you for your answer!!!
- Why would that be important? It's important for me becuase I get this alarma in my monitoring tool and need to understand what this exactly mean to take action if necessary.
I get this mesage with panorama user and with centreon user, then this mean that the validation can be done by centreon too?
and if the content update is revoqued after you downloaded it, how are you adviced about that? the fw perform the change to other old version stable?
and other thing that don't understand is why appear with severity high? not should be informational?
thank you so much for your help Steve!
😛
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
