What is the 'custom' log format to be used when forwarding configuration logs to 'Palo Alto Networks App' in Splunk?

What is the 'custom' log format to be used when forwarding configuration logs to 'Palo Alto Networks App' in Splunk?

4162
Created On 02/23/24 19:43 PM - Last Modified 08/05/24 21:35 PM


Question


What is the 'custom' log format to be used when forwarding configuration logs to 'Palo Alto Networks App' in Splunk?

Environment


  • Palo Alto Panorama or Firewall
  • Supported PAN-OS
  • Splunk Server using Palo Alto Networks App

Answer


Configure the custom log format for configuration as follows:

  1. Go to  GUI: Device > Server Profiles > Syslog > Syslog Server Profile >
  2. Edit the configured syslog server profile.
  3. Click on "Custom Log Format".
  4. Under "log type", Click on "Config".
  5. Use the following custom Log Format.
  6. Click "OK" and commit the configuration.
$domain,$receive_time,$serial,$type,$subtype,$config_ver,$time_generated,$host,$vsys,$cmd,$admin,$client,$result,$path,$seqno,$actionflags,$before-change-detail,$after-change-detail,$dg_hier_level_1,$dg_hier_level_2,$dg_hier_level_3,$dg_hier_level_4,$vsys_name,$device_name,$dg_id,$comment,$tpl_id,$high_res_timestamp


Additional Information


'Palo Alto Networks' App for Splunk: https://splunkbase.splunk.com/app/491
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008XHKCA2&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language