https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/palo-alto-logs-to-cloudwatch-logs-possible/m-p/366539#M1066 <P>One of the AWS SAs blogged about this:</P><P>&nbsp;</P><P><A href="https://aws.amazon.com/blogs/apn/monitoring-your-palo-alto-networks-vm-series-firewall-with-a-syslog-sidecar/" target="_blank">https://aws.amazon.com/blogs/apn/monitoring-your-palo-alto-networks-vm-series-firewall-with-a-syslog-sidecar/</A></P><P>&nbsp;</P><P>I found that it lends itself well to containerization as well.</P> Tue, 01 Dec 2020 16:38:13 GMT glynn 2020-12-01T16:38:13Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/palo-alto-logs-to-cloudwatch-logs-possible/m-p/282057#M650 <P>I'm looking to see if we're able to push Palo Alto VM's syslogs and traffic logs to AWS CloudWatch logs.</P><P>&nbsp;</P><P>Just to be clear, I'm not looking to <A href="https://docs.paloaltonetworks.com/vm-series/8-0/vm-series-deployment/set-up-the-vm-series-firewall-on-aws/deploy-the-vm-series-firewall-on-aws/enable-cloudwatch-monitoring-on-the-vm-series-firewall.html" target="_self">monitor Palo Alto metrics using CloudWatch&nbsp;</A>but need to push logs from the firewall to CloudWatch logs.</P><P>&nbsp;</P><P>Is this possible at all?</P><P>&nbsp;</P><P>Thanks.</P> Fri, 09 Aug 2019 14:39:40 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/palo-alto-logs-to-cloudwatch-logs-possible/m-p/282057#M650 chrisjin 2019-08-09T14:39:40Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/palo-alto-logs-to-cloudwatch-logs-possible/m-p/282194#M652 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/119659">@chrisjin</a>,</P><P>Officially I don't think this is supported at all, as CloudWatch doesn't really expose an easy way to injest logs outside of an instance with the agent installed. That being said, you can rig CloudWatch to look at /var/log/messages and configure an EC2 instance to accept your syslog messages and pass them to that location to get them into CloudWatch.&nbsp;</P> Sun, 11 Aug 2019 00:13:46 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/palo-alto-logs-to-cloudwatch-logs-possible/m-p/282194#M652 BPry 2019-08-11T00:13:46Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/palo-alto-logs-to-cloudwatch-logs-possible/m-p/366470#M1065 <P>Hi,</P><P>You need to have a IAM Role associated with the Palo Alto EC2 instance.</P><P>&nbsp;</P><P>AWSTemplateFormatVersion: 2010-09-09<BR />Resources:<BR />IAM-NPD-INT-PAFWMON:<BR />Type: 'AWS::IAM::Role'<BR />Properties:<BR />AssumeRolePolicyDocument:<BR />Version: 2012-10-17<BR />Statement:<BR />- Effect: Allow<BR />Principal:<BR />Service:<BR />- ec2.amazonaws.com<BR />Action:<BR />- sts:AssumeRole<BR />Policies:<BR />- PolicyName: PAFWMON_Policy<BR />PolicyDocument:<BR />Version: 2012-10-17<BR />Statement:<BR />- Effect: Allow<BR />Action: cloudwatch:PutMetricData<BR />Resource: '*'<BR />RootInstanceProfile:<BR />Type: "AWS::IAM::InstanceProfile"<BR />Properties:<BR />Path: "/"<BR />Roles:<BR />-<BR />Ref: "IAM-NPD-INT-PAFWMON"</P> Tue, 01 Dec 2020 14:13:09 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/palo-alto-logs-to-cloudwatch-logs-possible/m-p/366470#M1065 Sagar_D 2020-12-01T14:13:09Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/palo-alto-logs-to-cloudwatch-logs-possible/m-p/366539#M1066 <P>One of the AWS SAs blogged about this:</P><P>&nbsp;</P><P><A href="https://aws.amazon.com/blogs/apn/monitoring-your-palo-alto-networks-vm-series-firewall-with-a-syslog-sidecar/" target="_blank">https://aws.amazon.com/blogs/apn/monitoring-your-palo-alto-networks-vm-series-firewall-with-a-syslog-sidecar/</A></P><P>&nbsp;</P><P>I found that it lends itself well to containerization as well.</P> Tue, 01 Dec 2020 16:38:13 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/palo-alto-logs-to-cloudwatch-logs-possible/m-p/366539#M1066 glynn 2020-12-01T16:38:13Z