Configure Filtered Email Forwarding
Create a MailGun account
Go to mailgun.com.
Sign up for a free account and complete the verification steps. (Note: there is no need to configure a custom domain, just continue to your control panel)
After activating your account, scroll to the bottom of the mailgun.com page to the section titled “Sandbox Domains”.
Click on the Authorized Recipients link to register and verify your email.
Click the domain name link (see picture above). Leave this page open.
In a new browser window, navigate to the GUI for your firewall.
Create HTTP Server Profile
In the firewall GUI, navigate to Device->Server Profiles->HTTP.
Click Add at the bottom of the screen.
Enter a name for the profile.
On the Servers tab, click Add.
Enter information for all of the following fields:
Name: Enter a descriptive name (e.g. MailGun).
Address: api.mailgun.net
Protocol: HTTPS
Port: 443
HTTP Method: POST
Username: api
Password: the API key listed on the mailgun site
Click the Test Server Connection button
On the Payload Format tab, click on the log type of interest, in this example: System.
Enter a name for the format (e.g. mailgun system).
In the URI Format field Enter the portion of the API Base URL following api.mailgun.net from the mailgun page, followed by /messages. For example:
This yields “/v3/sandbox7b79131630b8458eb3f13bcff9ff1ced.mailgun.org/messages”
In the Parameters section, create the following parameter pairs:
Parameter
Value
from
[email protected] (can be any from address)
to
<your verified email address>
subject
A $severity system log of type $subtype was received.
text
A system log of severity $severity says: $opaque
Your format should look similar to this:
Alternately, you can configure the text parameter in the payload text area.
Here is the example of a text in the payload for the email:
text=A System log with the following data was received:
PAN-OS= $sender_sw_version
subtype= $subtype
type= $type
severity= $number-of-severity
Time= $cef-formatted-receive_time
Serial= $serial
Device Name= $device_name
Module= $module
Message= $opaque
Sequence Number= $seqno
Event Type= $eventid
Object= $object
PanOSDGl1= $dg_hier_level_1
PanOSDGl2= $dg_hier_level_2
PanOSDGl3= $dg_hier_level_3
PanOSDGl4= $dg_hier_level_4
PanOSVsysName= $vsys_name
Virtual System= $vsys
Click Send Test Log
Check to assure your email was received:
Click OK
Click OK
Configure Log Forwarding for Desired Log Types
For this example, we will configure the system log forwarding.
Go to Device->Log Settings.
Under System click Add.
Enter a name in the Log Settings – System window (e.g. ‘fwd to email’).
In the filter area, use the filter builder to create a filter for system logs that you would like forwarded to your inbox (e.g. ‘description contains commit’).
Click OK, commit the changes.
Testing and Troubleshooting
If you used the ‘description contains commit’ filter above, you can test your configuration by committing a change on your firewall.
Troubleshooting:
Mailgun offers a set of logs displaying any successful emails sent:
If you have custom service routes, check to make sure the service route for “HTTP” is configured to allow the firewall or Panorama reach the API service:
Created by Jamie Fitz-Gerald