https://live.paloaltonetworks.com/t5/general-topics/threat-log-forwarding-from-unlicensed-pa-device/m-p/271911#M74871 <P>Hi folks,</P><P>I believe I know the answer, but wanting to make sure I understand.&nbsp; I am configuring log forwarding to a Varonis server for testing.&nbsp; I've been sending the traffic log, but Varonis will only process the Threat log.&nbsp;&nbsp;</P><P>&nbsp;</P><P>I've configured the Threat in the Log forwarding profile, Vulnerability profie, etc and assigned it to my security rule, but my threat log is empty in general.&nbsp; I assuming this is because my device is unlicensed?&nbsp; Pa200 7.1.15.&nbsp; I guess I was hoping that something (anything) would go through.</P><P>&nbsp;</P><P>Just checking if there are comments before I give up for now.&nbsp; <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="pasyslog.jpg" style="width: 801px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/20456i6CD79259B6F717FF/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="pasyslog.jpg" alt="pasyslog.jpg" /></span></P> Thu, 20 Jun 2019 21:12:52 GMT OMatlock 2019-06-20T21:12:52Z https://live.paloaltonetworks.com/t5/general-topics/threat-log-forwarding-from-unlicensed-pa-device/m-p/271911#M74871 <P>Hi folks,</P><P>I believe I know the answer, but wanting to make sure I understand.&nbsp; I am configuring log forwarding to a Varonis server for testing.&nbsp; I've been sending the traffic log, but Varonis will only process the Threat log.&nbsp;&nbsp;</P><P>&nbsp;</P><P>I've configured the Threat in the Log forwarding profile, Vulnerability profie, etc and assigned it to my security rule, but my threat log is empty in general.&nbsp; I assuming this is because my device is unlicensed?&nbsp; Pa200 7.1.15.&nbsp; I guess I was hoping that something (anything) would go through.</P><P>&nbsp;</P><P>Just checking if there are comments before I give up for now.&nbsp; <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="pasyslog.jpg" style="width: 801px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/20456i6CD79259B6F717FF/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="pasyslog.jpg" alt="pasyslog.jpg" /></span></P> Thu, 20 Jun 2019 21:12:52 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-log-forwarding-from-unlicensed-pa-device/m-p/271911#M74871 OMatlock 2019-06-20T21:12:52Z https://live.paloaltonetworks.com/t5/general-topics/threat-log-forwarding-from-unlicensed-pa-device/m-p/271918#M74872 <P>Agreed that without a license, you will not get the AV/Spyware/Vuln signature to match.</P><P>&nbsp;</P><P>You could test with enabling Zone Protection Profile and DoS Protection Policies and force an attempted ping flood attack or port scan, or whatever... something that would "hit" as a threat in the logs, but does not require a licensed feature from PANW.</P><P>&nbsp;</P><P>Thanks</P> Thu, 20 Jun 2019 21:17:16 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-log-forwarding-from-unlicensed-pa-device/m-p/271918#M74872 S.Cantwell 2019-06-20T21:17:16Z https://live.paloaltonetworks.com/t5/general-topics/threat-log-forwarding-from-unlicensed-pa-device/m-p/271974#M74875 <P>I think you can forward the threat logs&nbsp; without having the threat license.</P> Fri, 21 Jun 2019 04:54:39 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-log-forwarding-from-unlicensed-pa-device/m-p/271974#M74875 MP18 2019-06-21T04:54:39Z https://live.paloaltonetworks.com/t5/general-topics/threat-log-forwarding-from-unlicensed-pa-device/m-p/272009#M74879 <P>Without a licence there are no threats to forward.</P> Fri, 21 Jun 2019 07:32:09 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-log-forwarding-from-unlicensed-pa-device/m-p/272009#M74879 RobinClayton 2019-06-21T07:32:09Z