SNMP Trap Monitoring

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

SNMP Trap Monitoring

L1 Bithead

Hello,

We were wondering about the feasibility of configuring SNMP traps for some of our Firewalls instead of using SNMP polling.

Currently we're using SNMP polling to monitor information like :

- Interface status
- Interface bandwidth
- Temperature
- CPU Management and Data
- Log Rate
- Sessions
- HA cluster

 

In your documentation SNMP Monitoring and Traps, it says that we have to use Log Forwarding but we are unsure that the information we want to monitor exist in the Log type.

 

We will be glad if you could confirm that migrating to a SNMP trap solution will not impact our current monitoring information.

 

Thank you in advance.

5 REPLIES 5

Hi @Khassam ,

You have understand that correctly - SNMP traps in PAN firewalls are configured with log forwarding profiles, where you can specify which log type to be forwarded as trap.

 

However the screenshot you have provided is for Log Forwarding object, which is used for "traffic related" logs that you can apply on any security rules. What you actually need is here - https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/device/device-log-settings For your specific case you need to configure log forwarding for System Logs and using the Filter to specify which exactly sub-type system logs you want to send as traps.

 

From top of my head I believe the following from your list are available as system logs and therefor can be forwarded as traps:

- interface status: log event for up or down is generated

- temperature: not completely sure, but I believe system log will be generated when critical temp is reaced

- cpu management and data: similar to temp, when critical levels are reached it should be logged.

- ha state: change in member state (passive, active or down) will be logged as well as HA interfaces (they are logged in ha sub-type )

 

I am not sure the following can be sent as traps:

- int bandwidth

- log rate

- session count

 

 

Cyber Elite
Cyber Elite

Hello,

SNMP polling is preferred to get more information on your device. I highly recommend using SNMPv3 for this purpose.

 

Regards,

 

Hello @aleksandar.astardzhiev , 

 

Thanks for your answer. 

I tried to find some documentation to confirm but with no success. I'll be glad if you have any document that confirm if each monitoring information will be available with SNMP Trap. 

 

Thank you 

Hello, 

 

I know but we have a new network configuration where It won't be possible to allow incoming SNMP flows. This is why we're trying to figure out the feasibility of a SNMP trap solution. 

Hi @Khassam ,

As I already mentioned - everything that is logged as log event can be forwarded as SNMP trap, you just need to find which log type and subtype to filter by. The type of information you mention is in system logs.

Here you can see what subtype its covers -  https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/monitoring/use-syslog-for-monitoring/sysl...

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/view-and-manage-logs/log-types-...

  • 2633 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!