https://live.paloaltonetworks.com/t5/general-topics/a-few-panorama-questions/m-p/47037#M34573 <HTML><HEAD></HEAD><BODY><P>Hi all!</P><P></P><P>Got a few question related to Panorama which I hope you can help me with?</P><P></P><P></P><P>1) Whats the FR id regarding having Panorama to be able to forward received logs?</P><P></P><P>That is PA-device -&gt; Panorama -&gt; SEIM/Syslogarchive.</P><P></P><P></P><P>2) For which version is this feature expected to show up, and any ETA for when we will see this version available in the download section (that is version and date)?</P><P></P><P></P><P>3) If you log towards an ArcSight installation you can use the CEF-format in the PA-devices. However the CEF format has an overhead of approx 220 bytes (or so) per msg. Which gives that during a burst of say 100.000 msgs/sec the overhead is approx 176 Mbit/s on the line.</P><P></P><P>Do there exist a more efficient way of transmitting logs from PA to ArcSight other than CEF?</P><P></P><P>I mean did PA (or HP?) create a custom flexconnector or such to read native format of PA or is CEF the only available option unless I want to create a flexconnector on my own?</P><P></P><P></P><P>4) Speaking of CEF, any ETA (version and date) for when we will see panos version as a variable?</P></BODY></HTML> Mon, 26 Aug 2013 08:41:06 GMT mikand 2013-08-26T08:41:06Z https://live.paloaltonetworks.com/t5/general-topics/a-few-panorama-questions/m-p/47037#M34573 <HTML><HEAD></HEAD><BODY><P>Hi all!</P><P></P><P>Got a few question related to Panorama which I hope you can help me with?</P><P></P><P></P><P>1) Whats the FR id regarding having Panorama to be able to forward received logs?</P><P></P><P>That is PA-device -&gt; Panorama -&gt; SEIM/Syslogarchive.</P><P></P><P></P><P>2) For which version is this feature expected to show up, and any ETA for when we will see this version available in the download section (that is version and date)?</P><P></P><P></P><P>3) If you log towards an ArcSight installation you can use the CEF-format in the PA-devices. However the CEF format has an overhead of approx 220 bytes (or so) per msg. Which gives that during a burst of say 100.000 msgs/sec the overhead is approx 176 Mbit/s on the line.</P><P></P><P>Do there exist a more efficient way of transmitting logs from PA to ArcSight other than CEF?</P><P></P><P>I mean did PA (or HP?) create a custom flexconnector or such to read native format of PA or is CEF the only available option unless I want to create a flexconnector on my own?</P><P></P><P></P><P>4) Speaking of CEF, any ETA (version and date) for when we will see panos version as a variable?</P></BODY></HTML> Mon, 26 Aug 2013 08:41:06 GMT https://live.paloaltonetworks.com/t5/general-topics/a-few-panorama-questions/m-p/47037#M34573 mikand 2013-08-26T08:41:06Z https://live.paloaltonetworks.com/t5/general-topics/a-few-panorama-questions/m-p/47038#M34574 <HTML><HEAD></HEAD><BODY><P>Hi...The FR ID is 782.&nbsp; If you have a customer who wants this feature, please submit the customer's name to your local SE and the SE can add to the FR.&nbsp; This feature is coming soon.</P><P></P><P>For ArcSight, there was a FlexConnector developed several years ago and HP (ArcSight) is responsible for it.&nbsp; You should check with HP to see if they still offer it. Otherwise, CEF format is supported as you have pointed out.</P><P></P><P>Thanks.</P></BODY></HTML> Mon, 26 Aug 2013 14:59:25 GMT https://live.paloaltonetworks.com/t5/general-topics/a-few-panorama-questions/m-p/47038#M34574 rmonvon 2013-08-26T14:59:25Z