https://live.paloaltonetworks.com/t5/general-topics/data-filtering-url-logs-into-splunk/m-p/2768#M2064 <HTML><HEAD></HEAD><BODY><P>Hey Guys,</P><P></P><P>I have the Palo Alto App working for the Threat/Traffic Logs.</P><P></P><P>However, I would like to do the same for the Data Filtering / URL Logs.</P><P></P><P>Is this possible?</P><P></P><P>Let me know if it is and how to do it.</P><P></P><P>Thanks.</P><P></P><P>Brian</P></BODY></HTML> Tue, 13 Mar 2012 22:09:40 GMT ikinnexi 2012-03-13T22:09:40Z https://live.paloaltonetworks.com/t5/general-topics/data-filtering-url-logs-into-splunk/m-p/2768#M2064 <HTML><HEAD></HEAD><BODY><P>Hey Guys,</P><P></P><P>I have the Palo Alto App working for the Threat/Traffic Logs.</P><P></P><P>However, I would like to do the same for the Data Filtering / URL Logs.</P><P></P><P>Is this possible?</P><P></P><P>Let me know if it is and how to do it.</P><P></P><P>Thanks.</P><P></P><P>Brian</P></BODY></HTML> Tue, 13 Mar 2012 22:09:40 GMT https://live.paloaltonetworks.com/t5/general-topics/data-filtering-url-logs-into-splunk/m-p/2768#M2064 ikinnexi 2012-03-13T22:09:40Z https://live.paloaltonetworks.com/t5/general-topics/data-filtering-url-logs-into-splunk/m-p/2769#M2065 <HTML><HEAD></HEAD><BODY><P>Yes I have URL --&gt; Splunk running. Use the log forwarding option in the security rules.</P><P></P><P>1.) Create URL profile with all cat. set to alert</P><P>2.) Create Syslog Server Profile for Splunk</P><P><IMG __jive_id="2708" alt="13-03-2012 23-55-17.png" class="jive-image-thumbnail jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/2708_13-03-2012 23-55-17.png" width="450" /></P><P></P><P>3.) Create Log forwarding Profile</P><P><IMG __jive_id="2709" alt="13-03-2012 23-58-03.png" class="jive-image-thumbnail jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/2709_13-03-2012 23-58-03.png" width="450" /></P><P></P><P>3.) Attach the URL alert profile to the appropriate security rule</P><P></P><P>4.) Attach the log forwarding profile to the appropriate security rule (Options)</P><P><IMG __jive_id="2710" alt="13-03-2012 23-59-11.png" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/2710_13-03-2012 23-59-11.png" /></P><P>done.</P><P></P><P>I have not tested Data Filtering alerts into Splunk.</P><P></P><P>Roland</P></BODY></HTML> Tue, 13 Mar 2012 23:01:29 GMT https://live.paloaltonetworks.com/t5/general-topics/data-filtering-url-logs-into-splunk/m-p/2769#M2065 gafrol 2012-03-13T23:01:29Z https://live.paloaltonetworks.com/t5/general-topics/data-filtering-url-logs-into-splunk/m-p/2770#M2066 <HTML><HEAD></HEAD><BODY><P>I did exactly what you described and I still don't see URL or Data Filtering stuff in my Splunk. I'm running Splunk for Palo Alto Networks 3.0 and Splunk version 5.0.2.</P><P></P><P>Did you have to do anything special in Splunk to get this data to show up?</P><P></P><P>Thanks,</P><P>Jeff</P></BODY></HTML> Wed, 24 Apr 2013 11:42:09 GMT https://live.paloaltonetworks.com/t5/general-topics/data-filtering-url-logs-into-splunk/m-p/2770#M2066 jwolach 2013-04-24T11:42:09Z https://live.paloaltonetworks.com/t5/general-topics/data-filtering-url-logs-into-splunk/m-p/2771#M2067 <HTML><HEAD></HEAD><BODY><P>Ahh... I just figured it out. My log forwarding profile was only forwarding Medium to High Severity levels. When I enabled Low &amp; Informational the URL data started showing up.</P><P></P><P>Thanks,</P><P>Jeff</P></BODY></HTML> Wed, 24 Apr 2013 11:43:58 GMT https://live.paloaltonetworks.com/t5/general-topics/data-filtering-url-logs-into-splunk/m-p/2771#M2067 jwolach 2013-04-24T11:43:58Z