PAs are managed with Panorama, and the PAs are configured for log forwarding to Panorama. On Panorama > Log settings, a filter can be added for the PAs' system logs, and the logs can be seen in 'view filtered logs' as well, but email alerts are not generated. Only Panorama-based events are sent in email. If log settings are only for Panorama system logs, then why is it showing the PAs' system logs in view filtered logs? Is it expected to be like this?
If yes, then is there any method to apply a filter for PA system logs and create email alerts against that filter on Panorama?
Thank you for posting your question, @b.nazir.
Getting email alerts from Panorama for Firewall System Logs is a functional feature, and these alerts are not limited to Panorama System Logs. Looking at my Panorama setup where this is working, the setup is fairly straightforward, and based on what you described your setup should work. Just in case, could you please confirm that you configured it in a similar way to the example below for critical logs?
Thanks for the quick reply.
Yes, I have the same config but a different filter. Actually, I am trying to put a filter in place to detect the license expiration notification for managed PAs via email.
In view filtered logs, I can see all the events, but not via email. Email settings are correct; I am getting email alerts for other severity levels.
Thank you for the reply and additional information, @b.nazir.
I see. I just cross-checked the settings on my side and searched my mailbox, and I realized that I am getting these license expiration alerts directly from the Firewalls instead of from Panorama. The syslog as well as email profiles are pushed from a Template. I have an email alert on Panorama for critical severities, but this alert comes from the Firewall itself. I could not find any reference on whether this is supported; however, all examples from the KB refer to setting this up locally on the Firewall, so potentially this is not supported from Panorama.
Sorry to hijack this thread, but I am having a similar issue:
What am I missing here? I want an email alert when the Panorama sees a device pair not sync'd. I am using the System logs for this following this document: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGjCAK
Filtering on (description contains 'synchronize manually') and (severity eq high)
Seems easy enough, but what I don't understand is how do you know it's working? There is no way to test and it doesn't really explain what triggers it to send, how often it checks, nothing.
The end of the doc says to look at this doc for "How to Configure Email Alerts" https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHZCA0
But you can't select the System Logs that you just configured in the previous doc.