Why are forwarded GlobalProtect logs not displayed in the correct CEF format on the Syslog server?

Created On 01/11/23 09:06 AM - Last Modified 03/08/24 22:05 PM


Question


Why are GlobalProtect logs forwarded to the Syslog server not displayed in the correct CEF format like other log types (Traffic, Threat, ...)?

Environment


  • Firewall appliances.
  • Panorama appliances.
  • PAN-OS 10.0.0+


Answer


  1. The GlobalProtect log format orders its fields differently from other log types, and some fields, such as severity, do not exist in it.
  2. Reorder the fields in the GlobalProtect CEF log format to match the columns configured on the Syslog server.
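
One way to confirm the result on the Syslog server side, as an added example that is not part of the original article or Palo Alto Networks' own code: a Python check of each received line against the standard CEF header layout (Version|Device Vendor|Device Product|Device Version|Device Event Class ID|Name|Severity|Extension). The sample lines, event names, version strings and function names are constructed for illustration.

```python
# Added example: validate the CEF header of received lines (samples are constructed).
HEADER = ("version", "device_vendor", "device_product", "device_version",
          "event_class_id", "name", "severity")
SEVERITY_WORDS = {"unknown", "low", "medium", "high", "very-high"}

GOOD = ("Jan 11 09:06:00 fw1 CEF:0|Palo Alto Networks|PAN-OS|10.1.0|end|"
        "TRAFFIC|1|src=10.0.0.5 dst=10.0.0.9")
NO_SEVERITY = ("Jan 11 09:06:01 fw1 CEF:0|Palo Alto Networks|PAN-OS|10.1.0|"
               "gateway-connected|GLOBALPROTECT|src=10.0.0.5 suser=alice")
SWAPPED = ("Jan 11 09:06:02 fw1 CEF:0|Palo Alto Networks|PAN-OS|10.1.0|"
           "gateway-connected|3|GLOBALPROTECT|src=10.0.0.5 suser=alice")


def split_cef(body):
    """Split on unescaped '|' into at most 7 header fields plus the extension."""
    parts, cur, i = [], [], 0
    while i < len(body):
        if body[i] == "\\" and i + 1 < len(body):   # keep escaped pairs such as \|
            cur.append(body[i:i + 2])
            i += 2
            continue
        if body[i] == "|" and len(parts) < len(HEADER):
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    parts.append("".join(cur))
    return parts


def check_cef(line):
    """Return a list of problems for one syslog line; an empty list means valid."""
    start = line.find("CEF:")
    if start < 0:
        return ["no CEF: prefix"]
    parts = split_cef(line[start + 4:])
    if len(parts) <= len(HEADER):
        return [f"header has {len(parts) - 1} '|' delimiters, expected 7"]
    fields = dict(zip(HEADER, parts))
    problems = []
    sev = fields["severity"]
    if not (sev.lower() in SEVERITY_WORDS or (sev.isdecimal() and int(sev) <= 10)):
        problems.append(f"severity slot holds {sev!r}: field missing or misordered")
    return problems


if __name__ == "__main__":
    print([check_cef(s) or "ok" for s in (GOOD, NO_SEVERITY, SWAPPED)])
```

A line whose header is short by one delimiter, or whose severity slot holds a log type or key=value text, indicates that the custom format still needs its fields reordered or a fixed severity value supplied.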

