Friday, May 14, 2021

Enable sending PaloAlto Firewall logs to Email Account

If you are using Palo Alto firewalls, which in my experience are great products, you would not want to stay connected all the time to check events and threats and monitor everything.

That would be a waste of time, and sitting in front of the screen all day does not give you better coverage anyway.

The alternative is to enable log forwarding to an external receiver.

The options available to forward the logs are:

1. SNMP

2. EMAIL

3. SYSLOG

4. HTTP

To create a Log Forwarding profile, select the option and click Add:
Go to Objects > Log Forwarding > Add

Now add the information below:
From the Log Type drop-down list I am selecting threat, which covers vulnerability, virus and file-blocking events and of course also includes WildFire submissions, as you can see in my email list below.
A great option to use here is EMAIL: you can send the threats matched by a specific rule to your email inbox.

For example, an important rule such as the inbound rule that allows email to reach the Exchange server, or the security policy rule for traffic from hosts accessing the Internet.

You will then get alerts, for example, for threats arriving in inbound email.

Here is how to enable log forwarding to email on the rule:

In the security policy rule you should see a drop-down list under the Log Forwarding option:
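The three GUI steps above (an Email server profile, a Log Forwarding profile whose threat entry sends to that email profile, and the rule's Log Forwarding drop-down) can also be pushed through the PAN-OS XML API. The script below is an added example, not code from the post or from Palo Alto Networks: it builds the `type=config&action=set` requests for each step. The xpaths assume a single-vsys firewall with the profiles in the shared location, and every name, address, host and API key is a placeholder; only the rule name INCOMING-EMAIL comes from the post.

```python
"""Build PAN-OS XML API 'set' requests that create an email-based log
forwarding profile and attach it to a security rule.

Hypothetical example: profile names, addresses, host and API key are
placeholders.  The xpaths follow the shared log-settings schema and assume
vsys1 on a single-vsys firewall (adjust the location on multi-vsys boxes).
"""
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

SHARED_LOG_SETTINGS = "/config/shared/log-settings"
VSYS1 = ("/config/devices/entry[@name='localhost.localdomain']"
         "/vsys/entry[@name='vsys1']")


def _sub(parent, tag, text=None):
    """Append a child element, optionally with text."""
    el = ET.SubElement(parent, tag)
    if text is not None:
        el.text = text
    return el


def email_server_profile(name, server_name, sender, recipient, gateway):
    """(xpath, element) for Device > Server Profiles > Email."""
    xpath = f"{SHARED_LOG_SETTINGS}/email/entry[@name='{name}']"
    server = ET.Element("server")
    entry = _sub(server, "entry")
    entry.set("name", server_name)
    _sub(entry, "from", sender)          # sender shown in the alert mail
    _sub(entry, "to", recipient)         # mailbox that receives the feed
    _sub(entry, "gateway", gateway)      # SMTP relay the firewall uses
    return xpath, ET.tostring(server, encoding="unicode")


def log_forwarding_profile(name, match_name, log_type, email_profile,
                           filter_="All Logs"):
    """(xpath, element) for Objects > Log Forwarding: one match-list entry
    of the given log type (e.g. 'threat') sent to the email profile."""
    xpath = f"{SHARED_LOG_SETTINGS}/profiles/entry[@name='{name}']"
    match_list = ET.Element("match-list")
    entry = _sub(match_list, "entry")
    entry.set("name", match_name)
    _sub(entry, "log-type", log_type)
    _sub(entry, "filter", filter_)
    _sub(_sub(entry, "send-email"), "member", email_profile)
    return xpath, ET.tostring(match_list, encoding="unicode")


def bind_rule_log_setting(rule_name, profile_name):
    """(xpath, element) that sets the rule's Log Forwarding drop-down."""
    xpath = f"{VSYS1}/rulebase/security/rules/entry[@name='{rule_name}']"
    return xpath, f"<log-setting>{profile_name}</log-setting>"


def api_set_params(api_key, xpath, element):
    """Query parameters for one type=config, action=set API call."""
    return {"type": "config", "action": "set", "key": api_key,
            "xpath": xpath, "element": element}


def push(host, params):
    """POST one request to https://<host>/api/ and return the status
    attribute of the reply ('success' or 'error').  TLS is verified; the
    firewall's management certificate must be trusted by this client."""
    data = urllib.parse.urlencode(params).encode()
    with urllib.request.urlopen(f"https://{host}/api/", data=data,
                                timeout=30) as resp:
        return ET.fromstring(resp.read()).get("status")


if __name__ == "__main__":
    KEY = "PLACEHOLDER-API-KEY"          # placeholder, not a real key
    steps = [
        email_server_profile("EMAIL-ALERTS", "smtp1", "fw@example.com",
                             "soc@example.com", "smtp.example.com"),
        log_forwarding_profile("FORWARD-THREAT-EMAIL", "threat-to-email",
                               "threat", "EMAIL-ALERTS"),
        bind_rule_log_setting("INCOMING-EMAIL", "FORWARD-THREAT-EMAIL"),
    ]
    for xpath, element in steps:
        print(api_set_params(KEY, xpath, element))
        # push("fw.example.com", api_set_params(KEY, xpath, element))
    # A commit (type=commit&cmd=<commit></commit>) is still needed afterwards.
```

The order matters: the email profile must exist before the forwarding profile references it, and the forwarding profile before the rule references it, otherwise the set call fails validation. Nothing takes effect until the candidate configuration is committed.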
At the end, this is what you will start seeing in your email feed:

The type is threat, followed by the source IP and destination IP, the name of the policy (INCOMING-EMAIL in my case) and the Logset, which is the log type we chose to forward to email.
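Once the alerts arrive, the mailbox fills quickly, so it helps to triage the feed rather than read every message. The script below is an added example, not from the post: it parses the fields named above (type, source IP, destination IP, rule, logset) from alert bodies and reports which sources tripped a rule repeatedly. The key=value body format and the sample alerts are constructed for the example and are not the firewall's own email template; adapt `parse_alert()` to the custom log format you configured on the Email server profile.

```python
"""Triage a Palo Alto email alert feed.

Constructed example: the key=value body layout and SAMPLE_ALERTS below are
made up for illustration and are not the firewall's default email format.
"""
import re
from collections import Counter, defaultdict

# key=value pairs; values may be quoted when they contain spaces
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample bodies; 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24
# are documentation ranges, and the threat names are illustrative only.
SAMPLE_ALERTS = [
    'type=threat src=203.0.113.10 dst=10.0.0.25 rule=INCOMING-EMAIL '
    'logset=FORWARD-THREAT-EMAIL threat="Eicar Test File" action=reset-both',
    'type=threat src=203.0.113.10 dst=10.0.0.25 rule=INCOMING-EMAIL '
    'logset=FORWARD-THREAT-EMAIL threat="SMTP Brute Force" action=alert',
    'type=threat src=198.51.100.7 dst=10.0.0.25 rule=INCOMING-EMAIL '
    'logset=FORWARD-THREAT-EMAIL threat="Eicar Test File" action=reset-both',
    'type=traffic src=192.0.2.4 dst=10.0.0.25 rule=INCOMING-EMAIL '
    'logset=FORWARD-THREAT-EMAIL action=allow',
]


def parse_alert(body):
    """Return the key=value fields of one alert body as a dict
    (surrounding quotes stripped from values)."""
    return {k: v.strip('"') for k, v in KV_RE.findall(body)}


def triage(bodies, min_hits=2):
    """Group threat alerts by rule and count alerts per source IP.

    Returns {rule: [(src, count, [threat names...]), ...]} listing only
    sources with at least min_hits threat alerts, busiest first.  Non-threat
    entries (e.g. traffic logs if the profile forwards them too) are skipped.
    """
    per_rule = defaultdict(Counter)
    names = defaultdict(set)
    for body in bodies:
        alert = parse_alert(body)
        if alert.get("type") != "threat":
            continue
        rule, src = alert.get("rule", "?"), alert.get("src", "?")
        per_rule[rule][src] += 1
        names[(rule, src)].add(alert.get("threat", "?"))
    report = {}
    for rule, counter in per_rule.items():
        report[rule] = [(src, n, sorted(names[(rule, src)]))
                        for src, n in counter.most_common() if n >= min_hits]
    return report


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_ALERTS).items():
        for src, n, threats in hits:
            print(f"{rule}: {src} triggered {n} alerts: {', '.join(threats)}")
```

In practice you would feed `triage()` with bodies pulled from the mailbox (for example via IMAP) over a time window; a source that keeps hitting the inbound email rule with different threat names is the one worth a manual look in the Monitor tab.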
You can do the same for any policy that has log forwarding enabled.

Hope this was useful!

#CCIE #NETWORKSECURITY #PCNSE #PCNSA #PALOALTONETWORKS

Samer R.Saleem


