How to stop logging specific threat logs

How to stop logging specific threat logs

284
Created On 07/22/22 16:04 PM - Last Modified 11/15/25 00:22 AM


Objective


The purpose of this document is to describes the steps required to stop logging specific threat logs. There might be scenarios where customers do not want to receive specific threat logs to a SIEM but still receive logs for others. 

Environment


  • Any Palo Alto Networks Firewall.
  • Any PAN OS.

Procedure


  1. Go to Objects - Security Profiles - Select the security profile you want to avoid generating the threat log.
  2. Go to the exception tab and change the action for the threat id to "allow"
image.png

Additional Information


Note: by doing this, Palo Alto Networks Firewall won't generate logs but the traffic will be allowed. If this is not feasible, define filters under log forwarding profile. Refer to Tutorial: Filtered Log Forwarding
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000Cqj3CAC&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail