3 Replies Latest reply on Sep 27, 2019 8:44 AM by elkinst

    NCM Real Time Change Notice on Palo's seem to be one update behind.

    elkinst

      So I've used and supported SolarWinds in a Cisco environment for years.

       

      I just recently added some Palo Alto Firewalls to NCM.

       

      I created two new Syslog viewer alerts for Palo, one sends login notice e-mail's and works fine.

       

      The other alert looks only at messages from my Palo IP's with the message pattern " *Config*,*commit* ", and executes: "C:\Program Files (x86)\SolarWinds\Orion\SolarWinds.NCM.RTNForwarder.exe ${IP_Address},RealtimeNotification,${DateTime},${Message}"
      It downloads the config before the Palo has truly completed the update process ( commit not completed yet).

       

      The issue is the change notice e-mail is literally a comparison of the prior version to the version before that, not the current running config.

       

      For example if I create a new object Test1, on the firewall and commit the change at 1200, RTN does its stuff.

      At 1230 I create a new object Test2 and commit the change, when I get the change E-mail from SolarWinds, it shows the Test1 object was created, not the Test2 object.

      I update the firewall the next day, and do a commit, the e-mail shows the Test2 object was created ( which was done the day prior)

      Is there any way to slow down the processing of the real time change actions for my Palo's?
      I'm assuming someone has seen this, but didn't see any posts about it.