topic Re: Splunk For Palo Alto configuration in General Topics

Splunk For Palo Alto configuration

nmarchal — Thu, 28 Jul 2011 08:36:32 GMT

Hi,

I am using Splunk as a tool to collect and correlate logs coming from my PAN, i am trynig to configure splunkforPaloAlto Application under Splunk but i don't see the 4 types of log files (Threat, traffic, System and configuration), i'am seeing only the traffic log, i am following the configuration guide to configure this application but i can't see all the log files. I am asking if is there any psecial configuration to implement with my PAN to receive all the logs in the Splunk.

Thanks

Nicolas

Re: Splunk For Palo Alto configuration

Bart_Jocque — Thu, 28 Jul 2011 13:45:27 GMT

You need to create a log-forwarding-profile where you specify that the traffic logs AND all of the threat logs need to be forwarded by syslog.

The you should apply this profile to all your firewall rules.

Re: Splunk For Palo Alto configuration

nmarchal — Tue, 02 Aug 2011 07:20:19 GMT

Hi,

When trying to create the log forwarding profile as you have explained to me, i noticed that we can associate only Threat and Traffig logs and there is no Configuration and System log, i've attached a picture to explain more the problem. Is there any other configuration to do.

Thanks

Nicolas

Re: Splunk For Palo Alto configuration

migration — Tue, 02 Aug 2011 12:24:02 GMT

Hi,

you can find System & Config log settings under Device tab (Log Settings).

There you can decide where to send your system and config logs.

Bye