https://live.paloaltonetworks.com/t5/general-topics/are-there-way-that-fw-forward-url-data-filtering-logs-to-esm/m-p/1608#M1207 <HTML><HEAD></HEAD><BODY><P>Like achitwadgi said: If you are receiving URL logs on panorama, then the firewall should have had Log forwarding configured. In GUI:Objects&gt;Log Forwarding Profile, there should have been a profile created with Panorama check box checked for "informational" severity. This profile should then be applied to the security rules.</P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/docs/DOC-2173">https://live.paloaltonetworks.com/docs/DOC-2173</A></P></BODY></HTML> Thu, 25 Jul 2013 03:35:58 GMT dreputi 2013-07-25T03:35:58Z https://live.paloaltonetworks.com/t5/general-topics/are-there-way-that-fw-forward-url-data-filtering-logs-to-esm/m-p/1606#M1205 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I know there are not log type of url &amp; data filtering on syslog server profile.</P><P>But my customer want to receive two logs to ESM system by syslog.</P><P>Are there ways?</P><P>Please let me know it if there are.</P><P></P><P>And I have a question.</P><P>Panorama is received this logs(url , data) from FW.</P><P>Why is it able to receive?</P><P></P><P>Thanks.</P></BODY></HTML> Wed, 24 Jul 2013 08:38:12 GMT https://live.paloaltonetworks.com/t5/general-topics/are-there-way-that-fw-forward-url-data-filtering-logs-to-esm/m-p/1606#M1205 KiCheon.Lee 2013-07-24T08:38:12Z https://live.paloaltonetworks.com/t5/general-topics/are-there-way-that-fw-forward-url-data-filtering-logs-to-esm/m-p/1607#M1206 <HTML><HEAD></HEAD><BODY><P>URL logs are stored as "informational" threat logs on the PA device.</P><P>So, in your log forwarding profile, under Threat, enable "informational" severity. This should enable URL log forwarding to your syslog server.</P><P></P><P>Something similar to your question was discussed in : <A _jive_internal="true" href="https://live.paloaltonetworks.com/message/13326#13326">https://live.paloaltonetworks.com/message/13326#13326</A></P></BODY></HTML> Wed, 24 Jul 2013 12:27:07 GMT https://live.paloaltonetworks.com/t5/general-topics/are-there-way-that-fw-forward-url-data-filtering-logs-to-esm/m-p/1607#M1206 goku123 2013-07-24T12:27:07Z https://live.paloaltonetworks.com/t5/general-topics/are-there-way-that-fw-forward-url-data-filtering-logs-to-esm/m-p/1608#M1207 <HTML><HEAD></HEAD><BODY><P>Like achitwadgi said: If you are receiving URL logs on panorama, then the firewall should have had Log forwarding configured. In GUI:Objects&gt;Log Forwarding Profile, there should have been a profile created with Panorama check box checked for "informational" severity. This profile should then be applied to the security rules.</P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/docs/DOC-2173">https://live.paloaltonetworks.com/docs/DOC-2173</A></P></BODY></HTML> Thu, 25 Jul 2013 03:35:58 GMT https://live.paloaltonetworks.com/t5/general-topics/are-there-way-that-fw-forward-url-data-filtering-logs-to-esm/m-p/1608#M1207 dreputi 2013-07-25T03:35:58Z https://live.paloaltonetworks.com/t5/general-topics/are-there-way-that-fw-forward-url-data-filtering-logs-to-esm/m-p/1609#M1208 <HTML><HEAD></HEAD><BODY><P>Thank you for your answer, achitwadgi and dreputi.</P><P></P><P>FWs send url logs by threat information severity of syslog. (The value of threat subtype field is url)</P><P>Also FWs send file logs by threat low severity of syslog. (The value of threat subtype field is file)</P><P>Low severity include alert , allow , forward and deny actions on file log.</P><P>Wildfire-upload-skip action is information severity.</P><P></P><P>Are they right?</P></BODY></HTML> Thu, 01 Aug 2013 09:07:21 GMT https://live.paloaltonetworks.com/t5/general-topics/are-there-way-that-fw-forward-url-data-filtering-logs-to-esm/m-p/1609#M1208 KiCheon.Lee 2013-08-01T09:07:21Z