Forward Logs to an Email Server

Learn how to forward logs from Strata Logging Service to an email server.
Where Can I Use This? | What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • NGFW (Managed by PAN-OS or Panorama)
  • NGFW (Managed by Strata Cloud Manager)
  • Strata Logging Service
  • You must have at least one of these licenses to use Strata Cloud Manager: Prisma Access, AIOps for NGFW Premium, Prisma SD-WAN
To get email notifications whenever critical issues occur on your network, you can configure Strata Logging Service to send notifications to an email destination. Strata Logging Service uses the Palo Alto Networks SMTP server to forward log information in an email format, and all emails are sent from noreply@cs.paloaltonetworks.com. The communication between Strata Logging Service and the email destination uses SMTP over TLS, and the SMTP server certificate is signed by a trusted root CA.
  1. Sign In to the hub.
  2. Select the Strata Logging Service instance that you want to configure for email forwarding.
    If you have multiple Strata Logging Service instances, hover over the Strata Logging Service tile and then select an instance from the list of available instances.
    If you are using Strata Cloud Manager to manage Strata Logging Service, click Settings > Strata Logging Service > Log Forwarding to manage log forwarding from the Strata Logging Service instance to an external server.
  3. Configure email forwarding.
    You cannot currently add your own SMTP server to Strata Logging Service.
    1. Select Log Forwarding > Add to add a new email forwarding profile.
    2. Enter a descriptive Name for the profile.
    3. Enter the email address of the administrator To whom you want to send email.
      You can enter up to ten additional email addresses, separated by commas, to add as BCC.
    4. Enter the Email Subject to clearly identify the purpose of the notification.
    5. Select the logs you want to forward.
      1. Add a new log filter.
      2. Select the Log Type.
      3. (Optional) Create a log filter to forward only the logs that are most critical to you.
        You can either write your own queries from scratch or use the query builder. You can also select the query field to choose from among a set of common predefined queries.
        • No double quotes (“”).
        • No subnet masks. To return IP addresses with subnets, use the LIKE operator. Example: src_ip.value LIKE “192.1.1.%”.
        If you want to forward all logs of the type you selected, do not enter a query. Instead, proceed to the next step.
      4. Save your changes.
      5. Add other log types for which you’d like to receive email notifications.
    6. Save your changes.
      Email forwarding is rate limited to allow 10 emails per second.
  4. Acknowledge that you need to reach out to your Palo Alto Networks team to enable log forwarding from Strata Logging Service in China to an external log server. Be aware that configuring log forwarding profiles to send logs to servers outside China can result in personally identifiable information leaving China.
  5. Verify that the Status of your email forwarding profile is Running.
  6. (Optional) You can use the running Email forwarding profile to forward past logs spanning up to 3 days.