Palo Alto config log messages

gica78r · March 21, 2019, 1:55pm

Hello everybody,

I’m using Graylog 3.0 (enterprise version) to collect log messages from Palo Alto firewalls (PANOS version 8.1). It’s working fine with SYSTEM, THREAT and TRAFFIC logs. When adding the input for the PA firewalls on the Graylog web UI, I see three blocks for the message fields mapping (SYSTEM, THREAT and TRAFFIC). I would like to add field mappings also for CONFIG messages. How can I do this?

Thank you in advance,
Gianluca

jan · March 22, 2019, 8:33am

provide us the information how this logs are structured that we can build that in…

… or use a RAW input in Graylog and create extractors or a processing pipeline to normalize the logs

system · April 5, 2019, 8:34am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Log FW palo alto (content pack, graylog 3.2) Graylog Central (peer support)	15	2014	October 23, 2020
Log normalization Graylog Central (peer support)	11	1633	May 24, 2019
New to Graylog - Palo Alto Logs New to Graylog Community? READ-ME FIRST Guides	0	177	June 27, 2024
Palo Alto Networks Next Generation Firewall - Traffic, Threat, Config and System Extractor Other Solutions other_solutions	0	2496	March 24, 2022
Not reading threat input from Palo Alto Graylog Central (peer support)	6	1430	October 28, 2019

Palo Alto config log messages

Related topics