https://live.paloaltonetworks.com/t5/general-articles/how-to-add-log-forwarding-profiles-in-all-security-policies/ta-p/526763 <P>This Nominated Discussion Article is based on the post "<A href="https://live.paloaltonetworks.com/t5/general-topics/log-forwarding-profile-in-all-security-policies/td-p/205426" target="_blank" rel="noopener">Log Forwarding Profile in All Security Policies</A>" by&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/56772">@Javith_Ali</a>&nbsp;and answered by <A href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/43480" target="_blank" rel="noopener">@BPry</A>,&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/16592">@Remo</a>,&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/15603">@Raido_Rattameister</a>,&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/86594">@SteveKrall</a> and&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/11943">@kiwi</a>. Read on to see the discussion and solution!</P> <P>&nbsp;</P> <DIV class="lia-message-template-content-zone"> <BLOCKQUOTE> <P>Is there any other way to configure Log forwarding profile in all 300+ security policies in single shot.</P> <P>&nbsp;</P> <P>Currently there is no log forwarding profile in all 300+ policies.</P> <P>&nbsp;</P> </BLOCKQUOTE> <P>First of all I'd like to point out that starting with PAN-OS 10.2 you can add Log Forwarding Profiles in bulk using the policy optimizer:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="kiwi_0-1673511148017.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/46952iAC7649ABC87211FB/image-size/large?v=v2&amp;px=999" role="button" title="kiwi_0-1673511148017.png" alt="kiwi_0-1673511148017.png" /></span></P> <P>&nbsp;</P> <P>I'm sure this is a huge improvement for many users wanting to make these kind of bulk changes and aren't up for scripting or using different tools.</P> <P>&nbsp;</P> <P>If you aren't on PAN-OS 10.2, you can look into the alternatives listed below.</P> <P>&nbsp;</P> <P>You can export the XML and modify it manually. This is something you could script, but you would need to collect all of the security policy names to actually write that script.&nbsp;</P> <P>&nbsp;</P> <P>Other possibilities:</P> <UL> <LI>Script that first gets all existing rules and you then set the log forwarding profile with a foreach-loop in all existing rules</LI> <LI>Issue the cli command "set cli config-output-format set", go into config mode, show the security rulebase and include match statement like source zone. This will show you a list with your rules which you can copy to a text editor to replace all source zone parts with "log-setting LOGFORWADRINGPROFILENAME". And finally paste all these commands into the cli and commit</LI> </UL> <P>&nbsp;</P> <P>In your case you need to get list of rules like mentioned above and go from there:</P> <P><A href="https://live.paloaltonetworks.com/t5/General-Topics/Changing-Profiles-assigned-to-security-Rule/m-p/79284/highlight/true#M43228" target="_self">Changing Profiles Assigned to Security Rule</A></P> <P>&nbsp;</P> <P>Another option would be to dump config in "set format" to see the actual CLI command.</P> <P>&nbsp;</P> <P>I suggest adding the log forward option to at least 1 policy so you have a reference cli command. Then you can save this as a CSV file. Then sort the relevant data and delete everything else. Then add the missing syntax. Then convert the csv back to text and paste as CLI.</P> <P>&nbsp;</P> <P>Alternatively you can use Expedition, formerly known as the Migration Tool. This is one of the best things about the tool - batch rule changes (Setting Security Profiles on all rules, Log Forwarding, etc).</P> <P>&nbsp;</P> <P>Connect the FW (or Panorama) to the Migration Tool, ingest policies, multi-rule edit, then API push the rules back to Firewall &gt; Validate policies &gt; Commit.</P> <P>&nbsp;</P> <P>Another option is the pan-configuration tool which will also allow you to make bulk changes:</P> <P>&nbsp;</P> <P><A href="https://github.com/cpainchaud/pan-configurator" target="_blank" rel="noopener">https://github.com/cpainchaud/pan-configurator</A> or the newer version <A href="https://github.com/PaloAltoNetworks/pan-os-php" target="_blank" rel="noopener">https://github.com/PaloAltoNetworks/pan-os-php</A></P> <P>&nbsp;</P> <P>Use the rules-edit.php function to update all your rules with the new log profile.</P> </DIV> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Thu, 12 Jan 2023 15:15:55 GMT kiwi 2023-01-12T15:15:55Z https://live.paloaltonetworks.com/t5/general-articles/how-to-add-log-forwarding-profiles-in-all-security-policies/ta-p/526763 <P>&nbsp;</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Thu, 12 Jan 2023 15:15:55 GMT https://live.paloaltonetworks.com/t5/general-articles/how-to-add-log-forwarding-profiles-in-all-security-policies/ta-p/526763 kiwi 2023-01-12T15:15:55Z https://live.paloaltonetworks.com/t5/general-articles/how-to-add-log-forwarding-profiles-in-all-security-policies/tac-p/535454#M601 <P>One more great automation article and I love automating security <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 22 Mar 2023 15:55:25 GMT https://live.paloaltonetworks.com/t5/general-articles/how-to-add-log-forwarding-profiles-in-all-security-policies/tac-p/535454#M601 nikoolayy1 2023-03-22T15:55:25Z