Interesting logs found for Palo Alto Networks

Vendor

Palo Alto Networks

Description

For each supported device, Indeni will look for logs that are deemed "interesting" and alert when these are found.

Remediation Steps

For each line, extended information is included with specific remediation steps.

How does this work?

This alert logs into the Palo Alto Networks device through SSH and runs "grep" on multiple different mp-log files, looking for known issues. When found, these log lines are passed on to analysis and alerting.
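As an added example that is not part of the original page or Indeni's own code, the block below models the matching step offline: constructed mp-log-style lines are parsed and checked against a hypothetical list of known-issue patterns, and each hit is returned as a finding with a remediation hint. The line layout, the pattern list and the sample lines are all assumptions.

```python
"""Offline model of the scan described above: match known-issue patterns
against mp-log lines. Patterns and sample lines are constructed for this
example; they are not Indeni's rule set."""
import re
from dataclasses import dataclass

# Assumed mp-log layout: "<date> <time> <tz> <Level>: <message>".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?) "
    r"(?P<tz>[+-]\d{4}) (?P<level>\w+): (?P<msg>.*)$"
)

# Hypothetical "interesting" patterns per mp-log file:
# (file name, message regex, remediation hint attached to the alert).
KNOWN_ISSUES = [
    ("ms.log", re.compile(r"commit.*failed", re.I),
     "Review the failed commit job and fix the reported validation error."),
    ("devsrvr.log", re.compile(r"unable to connect", re.I),
     "Check management-plane connectivity to the named service."),
    ("authd.log", re.compile(r"authentication failed", re.I),
     "Verify the authentication profile and server reachability."),
]

@dataclass
class Finding:
    log_file: str
    timestamp: str
    level: str
    message: str
    remediation: str

def parse_line(line):
    """Split one mp-log line into its fields, or None if it does not fit the layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def scan(log_file, lines):
    """Return a Finding for every line matching a known issue for this log file."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that do not parse rather than failing the scan
        for file_name, pattern, remediation in KNOWN_ISSUES:
            if file_name == log_file and pattern.search(parsed["msg"]):
                findings.append(Finding(log_file, parsed["ts"], parsed["level"],
                                        parsed["msg"], remediation))
    return findings

# Constructed sample lines standing in for the output of grep on ms.log.
SAMPLE_MS_LOG = [
    "2023-05-01 10:15:22.118 +0000 Info: commit job 42 started",
    "2023-05-01 10:15:40.002 +0000 Error: commit job 42 failed: validation error in rulebase",
    "garbage line without the expected layout",
]

if __name__ == "__main__":
    for f in scan("ms.log", SAMPLE_MS_LOG):
        print(f"{f.log_file} {f.timestamp} {f.level}: {f.message} -> {f.remediation}")
```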

Why is this important?

Most logs can be retrieved through syslog and sent for analysis to a variety of products and components (Indeni's Dendron, Splunk and other syslog databases). Some logs cannot be sent via syslog; Palo Alto Networks' mp-logs are an example. These are saved solely on the device itself as text files and must be retrieved over SSH. Importantly, these logs contain information about the failure of certain components and features and should be analyzed.

Without Indeni how would you find this?

An administrator is required to log into the Palo Alto Networks device manually and use the "grep mp-log" and "less mp-log" commands to review the mp-log files manually.
