Managed PAs system log filtering and email alert on Panorama

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Managed PAs system log filtering and email alert on Panorama

L0 Member

If PAs are managed with Panorama and PAs are configured for log forwarding to Panorama. On Panorama > Log settings, Filter can be added for PAs system logs, logs can be seen on 'view filtered logs' as well. but email alerts are not generated. Only Panorama-based events are sent in email. If log settings are only for panorama system logs, then why it's showing the PAs system logs in view filtered logs. Is it expected to be like this? 

If yes, then is there any method to apply a filter for PA systems logs and create email alerts against that filter on Panorama? 

4 REPLIES 4

Cyber Elite
Cyber Elite

Thank you for posting question @b.nazir

 

Getting email alerts from Panorama for Firewall System Logs is functional feature and these alerts are not limited to Panorama System Logs. By looking into my Panorama setup where this is working, the setup is fairly straightforward and based on what you described your setup should work. Just in the case, could you please confirm that you configured it in a similar way as below example for critical logs.

 

PavelK_0-1638569201649.png

 

Kind Regards

Pavel

 

Help the community: Like helpful comments and mark solutions.

Hi Pavel, 

thanks for the quick reply.

yes, I have the same config but a different filter. Actually, I am trying to put a filter to detect the license expiration notification for managed PAs via email. 

In view filter logs, I can see all the events but not via email. Email settings are correct, getting email alerts for other severity levels.

2021_12_06_14_08_23_Panorama.png

 

 

Cyber Elite
Cyber Elite

Thank you for reply and additional information @b.nazir

 

I see. I just crosschecked setting on my side and searched my mailbox and I realized that I am getting these license expiration alerts directly from the Firewalls instead of from Panorama. The syslog as well as email profiles are pushed from Template. I have an email alert on Panorama for critical severities, but this alert comes from Firewall itself. I could not find any reference whether this is supported, however all examples from KB are referring to setting this up locally on Firewall, so potentially this is not supported from Panorama.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

Sorry to hijack this thread, but I am having similar issue:

 

What am I missing here? I want an email alert when the Panorama sees a device pair not sync'd. I am using the System logs for this following this document: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGjCAK

 

Filtering on (description contains 'synchronize manually') and (severity eq high)

 

Seems easy enough, but what I don't understand is how do you know it's working? There is no way to test and it doesn't really explain what triggers it to send, how often it checks, nothing.

 

The end of the doc says to look at this doc for "How to Configure Email Alerts" https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHZCA0

But you can't select the System Logs that you just configured in the previous doc.

  • 2764 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!