topic Re: Syslog parser in General Topics

Syslog parser

ssancho — Thu, 12 May 2016 16:21:44 GMT

Hi all, do you know if it is possible to use the syslog parser to obtain device information (for instance Operating system) and use this info in security rules?. I am using the syslog parser to obtain the IP-User mapping and it works perfectly, now I would like to obtain more info from the log. I know that the device info is available if you use GlobalProtect and HIP profiles but I would like to have this feature without install globalprotect (I am thinking in Wifi devices)

Is there any possibility?

Many thanks

Samuel

Re: Syslog parser

santonic — Fri, 13 May 2016 06:34:30 GMT

I don't think you can either do that or use that. Syslog listerner is designed only to work with User-ID. And even if you managed to extract OS info by some 3rd party syslog parser there is no way to use it in FW policy afaik.

It is only used with GP checks.

Re: Syslog parser

reaper — Fri, 13 May 2016 08:06:44 GMT

I'd recommend reaching out to your SE to create a feature request

currently the syslog parser will only collect username and IP information. other details like OS need to be detected through HIP checks on an installed GlobalProtect client