Prisma Cloud Compute: How to whitelist writing messages to /var/log/messages

Prisma Cloud Compute: How to whitelist writing messages to /var/log/messages

905
Created On 04/17/25 18:05 PM - Last Modified 08/22/25 17:24 PM


Objective


This article explains how we can whitelist defender writing messages to syslog i.e /var/log/messages.

Environment


  • Prisma Cloud Compute Edition
  • Prisma Cloud Enterprise Edition

Procedure


  • Please try the following steps:

    1. Go to /etc/rsyslog.d 
    2. Add a new conf file here let's say "Defender.conf" (vi Defender.conf) 
    3. Add below line in the Defender.conf file: if $msg contains "<write-your-message-here>" then stop 
    4. Save file.
    5.  Restart syslog server: sudo systemctl restart rsyslog

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000TN57KAG&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language