https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/pa-vm-series-syslog-ingest-log-to-azure-log-analytic-workspace/m-p/565589#M2031 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/330369">@Meng_Kiat_DOS-GCC</a> ,</P> <P>Basically yes. However if you plan it to use Microsoft Sentinel to ingest those logs, you will need to configure PAN firewall to use CEF, otherwise the AMA will ignore the syslog messages from the firewall and will not forward them to the workspace.</P> <P>&nbsp;</P> <P>On the following link you can find reference guide how to setup custom sylog format to CEF - <A href="https://docs.paloaltonetworks.com/resources/cef" target="_blank">https://docs.paloaltonetworks.com/resources/cef</A></P> <P>&nbsp;</P> Tue, 14 Nov 2023 14:26:32 GMT aleksandar.astardzhiev 2023-11-14T14:26:32Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/pa-vm-series-syslog-ingest-log-to-azure-log-analytic-workspace/m-p/565462#M2030 <P>Hi all,</P> <P>&nbsp;</P> <P>May i know if anyone had experience setting up VM Series FW to ingest the syslog to Azure log analytic? Is it the only is to setup a new intermediate syslog server install with Azure AMA, the VM series will send syslog to the new syslog server and AMA will ingest the log to log analytic ?</P> <P>&nbsp;</P> <P>Thanks for the help <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>&nbsp;</P> <P>Thank you,</P> <P>Meng Kiat</P> Tue, 14 Nov 2023 03:36:27 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/pa-vm-series-syslog-ingest-log-to-azure-log-analytic-workspace/m-p/565462#M2030 Meng_Kiat_DOS-GCC 2023-11-14T03:36:27Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/pa-vm-series-syslog-ingest-log-to-azure-log-analytic-workspace/m-p/565589#M2031 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/330369">@Meng_Kiat_DOS-GCC</a> ,</P> <P>Basically yes. However if you plan it to use Microsoft Sentinel to ingest those logs, you will need to configure PAN firewall to use CEF, otherwise the AMA will ignore the syslog messages from the firewall and will not forward them to the workspace.</P> <P>&nbsp;</P> <P>On the following link you can find reference guide how to setup custom sylog format to CEF - <A href="https://docs.paloaltonetworks.com/resources/cef" target="_blank">https://docs.paloaltonetworks.com/resources/cef</A></P> <P>&nbsp;</P> Tue, 14 Nov 2023 14:26:32 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/pa-vm-series-syslog-ingest-log-to-azure-log-analytic-workspace/m-p/565589#M2031 aleksandar.astardzhiev 2023-11-14T14:26:32Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/pa-vm-series-syslog-ingest-log-to-azure-log-analytic-workspace/m-p/565751#M2034 <P>Hi Aleksandar,</P> <P>&nbsp;</P> <P>Thank for the information. Take note and will try out.</P> <P>&nbsp;</P> <P>Thank you !!</P> Wed, 15 Nov 2023 06:10:12 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/pa-vm-series-syslog-ingest-log-to-azure-log-analytic-workspace/m-p/565751#M2034 Meng_Kiat_DOS-GCC 2023-11-15T06:10:12Z