Log Forwarding Articles
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Featured Article
Configure Filtered Email Forwarding   Create a MailGun account   Go to mailgun.com. Sign up for a free account and complete the verification steps. (Note: there is no need to configure a custom domain, just continue to your control panel) After activating your account, scroll to the bottom of the mailgun.com page to the section titled “Sandbox Domains”. Click on the Authorized Recipients link to register and verify your email.   Click the domain name link (see picture above). Leave this page open. In a new browser window, navigate to the GUI for your firewall.   Create HTTP Server Profile In the firewall GUI, navigate to Device->Server Profiles->HTTP. Click Add at the bottom of the screen. Enter a name for the profile. On the Servers tab, click Add. Enter information for all of the following fields: Name: Enter a descriptive name (e.g. MailGun). Address: api.mailgun.net Protocol: HTTPS Port: 443 HTTP Method: POST Username: api Password: the API key listed on the mailgun site   Click the Test Server Connection button   On the Payload Format tab, click on the log type of interest, in this example: System. Enter a name for the format (e.g. mailgun system). In the URI Format field Enter the portion of the API Base URL following api.mailgun.net from the mailgun page, followed by /messages. For example:               This yields “/v3/sandbox7b79131630b8458eb3f13bcff9ff1ced.mailgun.org/messages” In the Parameters section, create the following parameter pairs: Parameter Value from admin@myfirewall.net (can be any from address) to <your verified email address> subject A $severity system log of type $subtype was received. text A system log of severity $severity says: $opaque   Your format should look similar to this:    Alternately, you can configure the text parameter in the payload text area.   Here is the example of a text in the payload for the email: text=A System log with the following data was received:   PAN-OS= $sender_sw_version subtype= $subtype type= $type severity= $number-of-severity Time= $cef-formatted-receive_time Serial= $serial Device Name= $device_name Module= $module Message= $opaque Sequence Number= $seqno Event Type= $eventid   Object= $object PanOSDGl1= $dg_hier_level_1 PanOSDGl2= $dg_hier_level_2 PanOSDGl3= $dg_hier_level_3 PanOSDGl4= $dg_hier_level_4 PanOSVsysName= $vsys_name Virtual System= $vsys   Click Send Test Log   Check to assure your email was received:     Click OK Click OK   Configure Log Forwarding for Desired Log Types For this example, we will configure the system log forwarding. Go to Device->Log Settings. Under System click Add. Enter a name in the Log Settings – System window (e.g. ‘fwd to email’). In the filter area, use the filter builder to create a filter for system logs that you would like forwarded to your inbox (e.g. ‘description contains commit’). Click OK, commit the changes.   Testing and Troubleshooting If you used the ‘description contains commit’ filter above, you can test your configuration by committing a change on your firewall.   Troubleshooting: Mailgun offers a set of logs displaying any successful emails sent:   If you have custom service routes, check to make sure the service route for “HTTP” is configured to allow the firewall or Panorama reach the API service:      Created by Jamie Fitz-Gerald
View full article
Customer Advisories

Your security posture is important to us. If you’re a Palo Alto Networks customer, be sure to login to see the latest critical announcements and updates in our Customer Advisories area.

Learn how to subscribe to and receive email notifications here.

Listen to PANCast

PANCast is a Palo Alto Networks podcast that provides actionable insights to customers, helping you maximize your investment while improving your cybersecurity posture.

Top Contributors