https://live.paloaltonetworks.com/t5/general-topics/syslog-from-pam-os-3-1-to-4-1/m-p/5155#M3790 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>I migrated our PAN FW from 3.1 to 4.1 and there is some more fields on TRAFFIC and THREAT syslog format.</P><P>With 3.1, using syslog-ng, I got:</P><P>Sep 27 00:00:35 giacometti-2 00: 00:35,0003C100873,TRAFFIC,end, etc ...</P><P>Since by defualt in 4.1 there is more field than with 3.1 I'd like to customize the syslog format in a way that have the sames format as it was on 3.1 (to avoind, for the moment to change syslog parser tool):</P><P><STRONG>$serial,$type,$subtype,$padding</STRONG>,$time_generated,$src,$dst,$natsrc,$natdst,$rule,$srcuser,$dstuser,$app,$vsys,$from,$to,$inbound_if,$outbound_if,$logset,$padding,$sessionid,$repeatcnt,$sport,$dport,$natsport,$natdport,$flags,$proto,$action,$bytes,$bytes_sent,$bytes_received,$packets,$start,$elapsed,$category,$padding</P><P></P><P>And with this format i get:</P><P>Sep 28 16:29:16 giacometti-test 16: 29:15,10.44.39.26,199.47.219.159,0.0.0.0,0.0.0.0,AC Standard,ac\t128636,,ssl,vsys1,AC-Trust,AC-Untrust,ethernet1/3,ethernet1/4,Netlog-AC,0,136120,1,4310,443,0,0,0x0,tcp,allow,354,288,66,4,2012/09/28 16:29:15,0,any,0</P><P></P><P>As you can see the firs 4 fields (<STRONG>$serial,$type,$subtype,$padding</STRONG>) are dropped somewhere, does someone have an idea why ?</P></BODY></HTML> Fri, 28 Sep 2012 14:36:24 GMT helenio.sartori 2012-09-28T14:36:24Z https://live.paloaltonetworks.com/t5/general-topics/syslog-from-pam-os-3-1-to-4-1/m-p/5155#M3790 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>I migrated our PAN FW from 3.1 to 4.1 and there is some more fields on TRAFFIC and THREAT syslog format.</P><P>With 3.1, using syslog-ng, I got:</P><P>Sep 27 00:00:35 giacometti-2 00: 00:35,0003C100873,TRAFFIC,end, etc ...</P><P>Since by defualt in 4.1 there is more field than with 3.1 I'd like to customize the syslog format in a way that have the sames format as it was on 3.1 (to avoind, for the moment to change syslog parser tool):</P><P><STRONG>$serial,$type,$subtype,$padding</STRONG>,$time_generated,$src,$dst,$natsrc,$natdst,$rule,$srcuser,$dstuser,$app,$vsys,$from,$to,$inbound_if,$outbound_if,$logset,$padding,$sessionid,$repeatcnt,$sport,$dport,$natsport,$natdport,$flags,$proto,$action,$bytes,$bytes_sent,$bytes_received,$packets,$start,$elapsed,$category,$padding</P><P></P><P>And with this format i get:</P><P>Sep 28 16:29:16 giacometti-test 16: 29:15,10.44.39.26,199.47.219.159,0.0.0.0,0.0.0.0,AC Standard,ac\t128636,,ssl,vsys1,AC-Trust,AC-Untrust,ethernet1/3,ethernet1/4,Netlog-AC,0,136120,1,4310,443,0,0,0x0,tcp,allow,354,288,66,4,2012/09/28 16:29:15,0,any,0</P><P></P><P>As you can see the firs 4 fields (<STRONG>$serial,$type,$subtype,$padding</STRONG>) are dropped somewhere, does someone have an idea why ?</P></BODY></HTML> Fri, 28 Sep 2012 14:36:24 GMT https://live.paloaltonetworks.com/t5/general-topics/syslog-from-pam-os-3-1-to-4-1/m-p/5155#M3790 helenio.sartori 2012-09-28T14:36:24Z https://live.paloaltonetworks.com/t5/general-topics/syslog-from-pam-os-3-1-to-4-1/m-p/5156#M3791 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Checkout device-&gt;server profiles-&gt;syslog</P><P></P><P>Create a profile and then customize it via the custom log format tab.</P><P></P><P>Cheers,</P><P>Mike</P></BODY></HTML> Fri, 28 Sep 2012 16:59:54 GMT https://live.paloaltonetworks.com/t5/general-topics/syslog-from-pam-os-3-1-to-4-1/m-p/5156#M3791 msullivan 2012-09-28T16:59:54Z