FW Palo Alto Logs

Hi, thanks @tmacgbay. On my CentOS 7 server, I only did this part.

I still do not fully understand the other changes to make.

You do the section you copied above, plus you read the upgrade notes ( https://docs.graylog.org/en/3.0/pages/upgrade/graylog-3.0.html ) and adjust your configuration.

Yes, I did it! I did the normalization of my Palo Alto FW logs; now I have the standardized Palo Alto logs with Graylog 2.5.

Format your logs at the firewall as CEF and then either create a CEF input or use a pipeline.

https://docs.paloaltonetworks.com/resources/cef

Thanks a lot @kilamzh. I made the normalization of the Palo Alto firewall logs through your content pack in the Graylog Marketplace.

Hi, when I make an SSH connection to the Palo Alto FW with an incorrect password, this SSH connection does not get into the logs in the Graylog web interface. Why? To configure the syslog profile I followed this link: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFfCAK

A failed SSH login would probably go into the Management log, not the threat log.

Management log? Can you explain it to me?

Sorry, I should have said system log instead of management. PAN-OS v.8 also has an Authentication log. Review this document for details: https://docs.paloaltonetworks.com/resources/cef

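An added example (not part of the thread, and not Graylog or Palo Alto Networks code): a small CEF parser that reports which expected PAN-OS log types never arrive, which is the check behind the failed-SSH question above. It assumes a CEF custom format that carries the log type in the CEF Name header field; the function names and sample records are constructed for illustration.

```python
import re
from collections import Counter

def parse_cef(line):
    """Parse one CEF record into a dict, or return None if it is not CEF."""
    start = line.find("CEF:")
    if start < 0:
        return None
    body, fields, cur, i = line[start + 4:], [], [], 0
    # Walk the 7 pipe-delimited header fields, honouring \| and \\ escapes.
    while i < len(body) and len(fields) < 7:
        if body[i] == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1])
            i += 2
            continue
        if body[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    if len(fields) < 7:
        return None
    keys = ("version", "vendor", "product", "device_version",
            "event_class_id", "name", "severity")
    event = dict(zip(keys, fields))
    # Extension: key=value pairs; a value runs until the next " key=".
    pairs = re.findall(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)", body[i:])
    for key, value in pairs:
        event[key] = re.sub(r"\\([=\\])", r"\1", value)
    return event

def missing_log_types(lines, expected=("TRAFFIC", "THREAT", "SYSTEM")):
    """Return the expected log types that never appear in the CEF Name field."""
    seen = Counter(e["name"] for e in map(parse_cef, lines) if e)
    return sorted(set(expected) - set(seen))

# Constructed sample records (not real firewall output).
SAMPLE = [
    "<14>Jan  5 10:00:01 fw01 CEF:0|Palo Alto Networks|PAN-OS|8.0.0|end|TRAFFIC|1|"
    "rt=Jan 05 2024 10:00:01 GMT src=192.0.2.10 dst=198.51.100.5 app=ssh",
    "<14>Jan  5 10:00:04 fw01 CEF:0|Palo Alto Networks|PAN-OS|8.0.0|vulnerability|"
    "THREAT|4|src=192.0.2.10 dst=198.51.100.5 msg=constructed threat record",
]
SYSTEM_LINE = ("<14>Jan  5 10:00:09 fw01 CEF:0|Palo Alto Networks|PAN-OS|8.0.0|auth|"
               "SYSTEM|3|msg=constructed failed login for admin from 192.0.2.10")

if __name__ == "__main__":
    print(missing_log_types(SAMPLE))                  # SYSTEM is not forwarded
    print(missing_log_types(SAMPLE + [SYSTEM_LINE]))  # all expected types seen
```

If `SYSTEM` is reported missing for real traffic, the syslog profile is probably not attached to the system log settings on the firewall, so management-plane events such as failed logins never leave the device.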
