Managed PAs system log filtering and email alert on Panorama


L0 Member

The PAs are managed with Panorama and are configured for log forwarding to Panorama. On Panorama > Log Settings, a filter can be added for PA system logs, and the logs can be seen in 'View Filtered Logs' as well, but email alerts are not generated. Only Panorama-based events are sent by email. If the log settings are only for Panorama system logs, then why are the PAs' system logs shown in View Filtered Logs? Is it expected to be like this?

If yes, then is there any method to apply a filter for PA system logs and create email alerts against that filter on Panorama?

3 REPLIES 3

L5 Sessionator

Thank you for posting your question, @b.nazir.

 

Getting email alerts from Panorama for Firewall System Logs is a functional feature, and these alerts are not limited to Panorama System Logs. Looking at my Panorama setup, where this is working, the setup is fairly straightforward, and based on what you described, your setup should work. Just in case, could you please confirm that you configured it in a similar way to the example below for critical logs?

 

PavelK_0-1638569201649.png

 

Kind Regards

Pavel

 


Hi Pavel, 

Thanks for the quick reply.

Yes, I have the same config but a different filter. Actually, I am trying to put a filter in place to detect the license expiration notification for managed PAs via email.

In View Filtered Logs, I can see all the events, but not via email. The email settings are correct; I am getting email alerts for other severity levels.

2021_12_06_14_08_23_Panorama.png

 

 

L5 Sessionator

Thank you for the reply and additional information, @b.nazir.

 

I see. I just cross-checked the settings on my side and searched my mailbox, and I realized that I am getting these license expiration alerts directly from the Firewalls instead of from Panorama. The syslog as well as email profiles are pushed from a Template. I have an email alert on Panorama for critical severities, but this alert comes from the Firewall itself. I could not find any reference as to whether this is supported; however, all examples from the KB refer to setting this up locally on the Firewall, so potentially this is not supported from Panorama.

 

Kind Regards

Pavel
