Palo Alto config log messages

gica78r · March 21, 2019, 1:55pm

Hello everybody,

I’m using Graylog 3.0 (enterprise version) to collect log messages from Palo Alto firewalls (PANOS version 8.1). It’s working fine with SYSTEM, THREAT and TRAFFIC logs. When adding the input for the PA firewalls on the Graylog web UI, I see three blocks for the message fields mapping (SYSTEM, THREAT and TRAFFIC). I would like to add field mappings also for CONFIG messages. How can I do this?

Thank you in advance,
Gianluca

jan · March 22, 2019, 8:33am

provide us the information how this logs are structured that we can build that in…

… or use a RAW input in Graylog and create extractors or a processing pipeline to normalize the logs

system · April 5, 2019, 8:34am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog - Palo Alto globalprotect stage rules Graylog Add-ons	1	814	May 12, 2021
Issue on grok pattern Graylog Central (peer support)	3	270	February 15, 2019
Palo Alto Networks - Firewalls - Threat and URL filtering Content Pack content-pack	1	2436	June 30, 2022
Any clue for my idea from graylog perspective? Graylog Central (peer support)	8	451	October 1, 2018
How to build your SOC with Graylog Graylog Central (peer support) alert	6	1125	September 13, 2022

Palo Alto config log messages

Related Topics