Extractors for PAN-OS TRAFFIC, THREAT, SYSTEM and CONFIG syslog for Graylog
This repo contains only the extractors; importing them will not create a new input, dashboard or anything else on your Graylog server.
Tested on Graylog 3.1.2
See the post "Extracting TRAFFIC, THREAT, CONFIG and SYSTEM syslog from a Palo Alto Networks Next Generation Firewall with Graylog" on my world of IT for a screenshot version of this guide.
- Download the .json file from this repo that matches your PAN-OS version (PAN-OS 8.1 or higher is supported), open it in Notepad (or similar) and copy its contents to the clipboard.
- In the Graylog web console go to System / Inputs > Inputs.
- From the list, select 'Manage extractors' next to your syslog input.
- Click the Actions drop-down and select 'Import extractors'.
- Paste the clipboard contents into the 'Extractors JSON' field and click 'Add extractors to input'.
- After the confirmation message, go to Streams and select the stream that captures your PAN-OS syslog data. New messages should now arrive with the extractor's fields parsed out. Extractors run at ingest time, so messages stored before the import are not re-parsed, and importing the file a second time adds a second copy of each extractor to the input rather than replacing the first.
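The steps above are web-UI clicks. As an added example that is not part of this repo (nor Graylog's own code), the Python script below reads the same exported JSON you would paste into 'Extractors JSON', lists what each extractor will do to the input, dry-runs the regex extractors on a sample log line before anything touches the server, and can push the extractors to the existing input through Graylog's REST API instead of the UI. The sample export and the sample PAN-OS line are constructed for the example, not the repo's files; the field mapping in `to_create_request`, the `extractor_id` key in the response, and the base URL, API token and input id in the usage comment are assumptions to verify against your Graylog version.

```python
"""Review a Graylog extractor export before importing it, and optionally push it
over the REST API instead of pasting it into the web UI.
Added example for this README; not code from the extractor repo or from Graylog."""
import base64
import json
import re
import urllib.request

REQUIRED_KEYS = ("title", "source_field", "extractor_config")


def load_export(text):
    """Parse an 'Export extractors' document and return its extractor list.
    Raises ValueError if it lacks the {"extractors": [...], "version": ...} shape."""
    doc = json.loads(text)
    if not isinstance(doc, dict) or not isinstance(doc.get("extractors"), list):
        raise ValueError("not a Graylog extractor export: no 'extractors' list")
    for i, ex in enumerate(doc["extractors"]):
        missing = [k for k in REQUIRED_KEYS if k not in ex]
        if not (ex.get("extractor_type") or ex.get("type")):
            missing.append("extractor_type")
        if missing:
            raise ValueError(f"extractor #{i} is missing keys: {missing}")
    return doc["extractors"]


def summarize(extractors):
    """One line per extractor: type, source -> target field, and the gating condition."""
    lines = []
    for ex in extractors:
        etype = ex.get("extractor_type") or ex.get("type")
        target = ex.get("target_field") or "(fields named by the extractor)"
        cond = ex.get("condition_type", "none")
        gate = f" if {cond}={ex.get('condition_value')!r}" if cond != "none" else ""
        lines.append(f"{ex['title']}: {etype} {ex['source_field']} -> {target}{gate}")
    return lines


def dry_run(extractors, message):
    """Apply the regex extractors locally to one message, taking the first capture
    group as Graylog's regex extractor does. Other extractor types are skipped."""
    out = {}
    for ex in extractors:
        if (ex.get("extractor_type") or ex.get("type")) != "regex":
            continue
        m = re.search(ex["extractor_config"]["regex_value"], message)
        if m and ex.get("target_field"):
            out[ex["target_field"]] = m.group(1)
    return out


def to_create_request(ex):
    """Map one exported extractor onto the body of POST /api/system/inputs/{id}/extractors.
    ASSUMPTION: the create request uses 'extractor_type', 'cut_or_copy' and a
    'converters' object keyed by converter type, while the export carries
    'cursor_strategy' and a converters list. Confirm in /api/api-browser first."""
    return {
        "title": ex["title"],
        "extractor_type": ex.get("extractor_type") or ex["type"],
        "cut_or_copy": ex.get("cursor_strategy", "copy"),
        "source_field": ex["source_field"],
        "target_field": ex.get("target_field", ""),
        "extractor_config": ex.get("extractor_config", {}),
        "converters": {c["type"]: c.get("config", {}) for c in ex.get("converters", [])},
        "condition_type": ex.get("condition_type", "none"),
        "condition_value": ex.get("condition_value", ""),
        "order": ex.get("order", 0),
    }


def import_extractors(base_url, api_token, input_id, extractors):
    """POST each extractor to an existing input (no input is created). Uses a Graylog
    API token as basic-auth user with password 'token', plus the X-Requested-By
    header Graylog requires on write requests.
    ASSUMPTION: the response body carries the new id under 'extractor_id'."""
    auth = base64.b64encode(f"{api_token}:token".encode()).decode()
    url = f"{base_url.rstrip('/')}/api/system/inputs/{input_id}/extractors"
    created = []
    for ex in extractors:
        req = urllib.request.Request(
            url, data=json.dumps(to_create_request(ex)).encode(), method="POST",
            headers={"Authorization": f"Basic {auth}",
                     "Content-Type": "application/json",
                     "X-Requested-By": "panos-extractor-import"})
        with urllib.request.urlopen(req) as resp:
            created.append(json.load(resp).get("extractor_id"))
    return created


# Constructed sample export (not the repo's extractor): one regex that pulls the
# PAN-OS log type, the fourth CSV field, out of the syslog message.
SAMPLE_EXPORT = json.dumps({
    "extractors": [{
        "title": "PAN-OS log type", "extractor_type": "regex", "converters": [],
        "order": 0, "cursor_strategy": "copy", "source_field": "message",
        "target_field": "panos_log_type",
        "extractor_config": {"regex_value": r"^\d+,[^,]*,[^,]*,(TRAFFIC|THREAT|SYSTEM|CONFIG),"},
        "condition_type": "none", "condition_value": "",
    }],
    "version": "3.1.2",
})

# Constructed PAN-OS TRAFFIC line as Graylog would hold it in the 'message' field.
SAMPLE_MESSAGE = ("1,2019/11/05 10:22:31,012345678901,TRAFFIC,end,2049,"
                  "2019/11/05 10:22:31,10.0.0.5,203.0.113.9,0.0.0.0,0.0.0.0,allow-web")

if __name__ == "__main__":
    exs = load_export(SAMPLE_EXPORT)
    print("\n".join(summarize(exs)))
    print(dry_run(exs, SAMPLE_MESSAGE))
    # Real import (assumed URL, token and input id):
    # import_extractors("https://graylog.example.com", "<api token>", "<input id>", exs)
```

Run it as-is to see the summary and the dry-run result on the constructed line; point `load_export` at the repo's .json file and `dry_run` at a line copied from your own syslog input to check the regexes against your firewall's output before importing. Creating an extractor on an input requires a user or token with permission to edit that input, so use a dedicated token rather than an admin password in scripts.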