06-23-2014 07:10 AM
Hey Community -
Wondering if anyone has come up with a good way to automate an alert / alarm when there is an issue with a Firewall reporting to a DLC (distributed log collector)? We have about 27 firewalls all of which send to 1 of 4 log collectors, and we are seeing an increase of Log Forwarding issues --> Some sending only Denies (when all rules are set to forward logs), Some not sending Any... The fix for this is to restart the Log Forwarding process on each device, but this can be very time consuming to check each of the 27 devices to make sure we're getting the logs we expect to get, and then restart the process if necessary. We are relying on the logs in the DLC's for PCI compliance, and to date, Palo Alto Support claims there is no way to get notified if a Firewall stops sending logs to a log forwarder. I would love to hear anything creative anyone else has done to help alleviate this headache...?
Thanks!
Matt
