Palo Alto config log messages

Hello everybody,

I’m using Graylog 3.0 (enterprise version) to collect log messages from Palo Alto firewalls (PANOS version 8.1). It’s working fine with SYSTEM, THREAT and TRAFFIC logs. When adding the input for the PA firewalls on the Graylog web UI, I see three blocks for the message fields mapping (SYSTEM, THREAT and TRAFFIC). I would like to add field mappings also for CONFIG messages. How can I do this?

Thank you in advance,

provide us the information how this logs are structured that we can build that in…

… or use a RAW input in Graylog and create extractors or a processing pipeline to normalize the logs

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.