01-17-2012 03:01 AM
Hi all,
From the MIB file named PAN-TRAPS.mib I can see that there is some information about threat objects.
Is there anybody who knows how to use this?
I have tried to generate some threats but no traps were sent to the manager.
Thanks
Bruno
01-25-2012 08:55 AM
Bruno,
Please confirm the following:
Have you configured the Log Forwarding settings in the Objects tab? If not, you will have to create an entry to have SNMP traps occur properly.
Click +Add to create a Log Forwarding Profile.
Within this profile, there are two sections to be forwarded: Traffic Settings and Threat Settings.
Each security policy can specify a log forwarding profile that determines whether traffic and threat log entries are logged remotely with Panorama, and/or sent as SNMP traps, syslog messages, or email notifications. By default, only local logging is performed.
Traffic logs record information about each traffic flow, and threat logs record the threats or problems with the network traffic, such as virus or spyware detection. Note that the antivirus, anti-spyware, and vulnerability protection profiles associated with each rule determine which threats are logged (locally or remotely).
Under Threats, you will notice the severity levels. You have to configure SNMP (v2 or v3) with an SNMP trap, email and/or syslog destination, and every option has detailed settings. Please see the information below about the Threat log settings.
Threat Log Settings
The severity levels are:
• Critical—Very serious attacks detected by the threat security engine.
• High—Major attacks detected by the threat security engine.
• Medium—Minor attacks detected by the threat security engine, including URL blocking.
• Low—Warning-level attacks detected by the threat security engine.
• Informational—All other events not covered by the other severity levels, including informational attack object matches.
I hope this helps answer your question.
01-28-2012 04:52 PM
Hi,
I have the same problem. After an snmpwalk, I receive about 380 OIDs. But the OIDs provided by Palo Alto referring to PAN-TRAPS are not available and not shown through snmpwalk.
How can I get the threat, virus, or any other SNMP-related trap?
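Two things in this thread are worth checking with a tool rather than by reading the GUI. First, the NOTIFICATION-TYPE definitions in PAN-TRAPS.mib are not readable objects, so an snmpwalk will never list them; a trap only exists at the moment the firewall sends it, and the only way to see one is to be listening on the manager side when it arrives. Second, once the Log Forwarding Profile from the reply above is attached to a security policy, the quickest way to tell whether the firewall is emitting anything at all is a bare UDP/162 listener on the manager host that decodes whatever arrives. The script below is an added example written for this thread; it is not code from the original posts, from Palo Alto, or from any SNMP library. It is a minimal SNMPv2c trap encoder and decoder in plain Python (stdlib only). The sample trap it builds is constructed: 25461 is Palo Alto's IANA enterprise number, but every OID below it is a placeholder for illustration, not a real PAN-TRAPS.mib identifier, and the community string, uptime and varbind values are invented. SNMPv1 and SNMPv3 traps are deliberately rejected; v3 traps are authenticated and need a real SNMP stack.

```python
import socket, sys

# ASN.1 BER tags used in SNMPv2c trap messages (RFC 3416)
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE, TIMETICKS, SNMPV2_TRAP_PDU = 0x02, 0x04, 0x05, 0x06, 0x30, 0x43, 0xA7
SYS_UPTIME, SNMP_TRAP_OID = "1.3.6.1.2.1.1.3.0", "1.3.6.1.6.3.1.1.4.1.0"

def _tlv(tag, body):  # BER tag-length-value; long length form above 127 bytes
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def _encode_int(n):  # two's-complement, minimal length
    return n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big", signed=True)

def _encode_oid(oid):  # first two arcs share one byte, the rest are base-128 with a continuation bit
    parts = [int(p) for p in oid.split(".")]
    out = [parts[0] * 40 + parts[1]]
    for p in parts[2:]:
        chunk = [p & 0x7F]
        while p >> 7:
            p >>= 7
            chunk.append(0x80 | (p & 0x7F))
        out.extend(reversed(chunk))
    return bytes(out)

def _decode_oid(b):
    parts, val = [b[0] // 40, b[0] % 40], 0
    for byte in b[1:]:
        val = (val << 7) | (byte & 0x7F)
        if not byte & 0x80:
            parts.append(val)
            val = 0
    return ".".join(map(str, parts))

def _read_tlv(buf, pos):  # returns (tag, body, offset just past this element)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_value(tag, b):
    if tag in (INTEGER, 0x41, 0x42, TIMETICKS):  # Integer, Counter32, Gauge32, TimeTicks
        return int.from_bytes(b, "big", signed=(tag == INTEGER))
    if tag == OCTET_STRING:
        return b.decode("utf-8", "replace")
    return _decode_oid(b) if tag == OID else (None if tag == NULL else b.hex())

def build_v2c_trap(community, uptime_ticks, trap_oid, extra, request_id=1):  # extra: [(oid, int|str)]
    vbs = [(SYS_UPTIME, TIMETICKS, _encode_int(uptime_ticks)), (SNMP_TRAP_OID, OID, _encode_oid(trap_oid))]
    for oid, value in extra:
        vbs.append((oid, INTEGER, _encode_int(value)) if isinstance(value, int) else (oid, OCTET_STRING, value.encode()))
    vblist = b"".join(_tlv(SEQUENCE, _tlv(OID, _encode_oid(o)) + _tlv(t, v)) for o, t, v in vbs)
    pdu = _tlv(SNMPV2_TRAP_PDU, _tlv(INTEGER, _encode_int(request_id)) + _tlv(INTEGER, b"\x00") * 2 + _tlv(SEQUENCE, vblist))
    return _tlv(SEQUENCE, _tlv(INTEGER, b"\x01") + _tlv(OCTET_STRING, community.encode()) + pdu)

def parse_v2c_trap(packet):  # decodes one SNMPv2c trap datagram; v1, v3 and GET traffic raise ValueError
    tag, msg, _ = _read_tlv(packet, 0)
    if tag != SEQUENCE:
        raise ValueError("not a BER SEQUENCE")
    _, ver, pos = _read_tlv(msg, 0)
    if ver != b"\x01":
        raise ValueError("not SNMPv2c (v1 uses a different trap PDU; v3 needs a real SNMP stack)")
    _, community, pos = _read_tlv(msg, pos)
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    if pdu_tag != SNMPV2_TRAP_PDU:
        raise ValueError(f"PDU tag 0x{pdu_tag:02x} is not an SNMPv2-Trap")
    pos = 0
    for _ in range(3):  # skip request-id, error-status, error-index
        _, _, pos = _read_tlv(pdu, pos)
    _, vblist, _ = _read_tlv(pdu, pos)
    varbinds, pos = {}, 0
    while pos < len(vblist):
        _, vb, pos = _read_tlv(vblist, pos)
        _, oid_b, p = _read_tlv(vb, 0)
        vtag, val_b, _ = _read_tlv(vb, p)
        varbinds[_decode_oid(oid_b)] = _decode_value(vtag, val_b)
    return {"community": community.decode("utf-8", "replace"), "trap_oid": varbinds.get(SNMP_TRAP_OID), "varbinds": varbinds}

def listen(port=162, bind="0.0.0.0"):  # binding to 162 needs root or CAP_NET_BIND_SERVICE
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, (src, _) = sock.recvfrom(65535)
        try:
            print(src, parse_v2c_trap(data))
        except (ValueError, IndexError) as exc:
            print(src, "unparsed datagram:", exc)

# Constructed sample. 25461 is Palo Alto's IANA enterprise number; the OIDs under it are
# placeholders for this example, not the real PAN-TRAPS.mib identifiers (take those from the MIB).
SAMPLE_TRAP = build_v2c_trap("public", 123456, "1.3.6.1.4.1.25461.99.1",
                             [("1.3.6.1.4.1.25461.99.2", "Eicar Test File"), ("1.3.6.1.4.1.25461.99.3", 4)])

if __name__ == "__main__":
    listen() if sys.argv[1:] == ["listen"] else print(parse_v2c_trap(SAMPLE_TRAP))
```

Run `python3 traps.py listen` on the manager host (as root, or on a high port with the firewall's trap destination port changed to match) while generating a threat. If nothing arrives, the problem is on the firewall side (profile not attached to the matching rule, severity not selected, SNMP destination or route); if datagrams arrive but are reported as unparsed, check the version: the decoder only understands v2c. Sending `SAMPLE_TRAP` to the manager with `socket.sendto` is a quick way to confirm that the manager's own receiver and MIB load are working before blaming the firewall.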