https://live.paloaltonetworks.com/t5/general-topics/getting-pan-fw-logs-to-azure-sentinel/m-p/306819#M79693 <P>I have the same issue</P> Wed, 15 Jan 2020 16:19:09 GMT Dwayne 2020-01-15T16:19:09Z https://live.paloaltonetworks.com/t5/general-topics/getting-pan-fw-logs-to-azure-sentinel/m-p/298582#M78226 <P>I'm currently sending FW logs to Azure Sentinel, via syslog over SSL to an r-syslog server with the Azure agent on the syslog server forwarding logs to Sentinel. I followed the documentation, format is BSD header with custom CEF format for the logs added. Using local4 facility on PA side as well as r-syslog server. Logs are getting in, but they are missing most of the key value pairs. Attached is a screen shot with basically all I'm getting.</P><P>&nbsp;</P><P>Has anyone successfully got the Palo Alto Networks FW logs into Sentinel and if so was there anything missing in the documentation or a step that needs to be added?  </P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="threat log.JPG" style="width: 658px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/22352i55E7D9DD8EE70902/image-dimensions/658x216/is-moderation-mode/true?v=v2" width="658" height="216" role="button" title="threat log.JPG" alt="threat log.JPG" /></span></P> Thu, 14 Nov 2019 15:55:49 GMT https://live.paloaltonetworks.com/t5/general-topics/getting-pan-fw-logs-to-azure-sentinel/m-p/298582#M78226 ChrisRussell 2019-11-14T15:55:49Z https://live.paloaltonetworks.com/t5/general-topics/getting-pan-fw-logs-to-azure-sentinel/m-p/306819#M79693 <P>I have the same issue</P> Wed, 15 Jan 2020 16:19:09 GMT https://live.paloaltonetworks.com/t5/general-topics/getting-pan-fw-logs-to-azure-sentinel/m-p/306819#M79693 Dwayne 2020-01-15T16:19:09Z https://live.paloaltonetworks.com/t5/general-topics/getting-pan-fw-logs-to-azure-sentinel/m-p/306824#M79695 <P>We solved this by separating all the log values onto individual lines. So hitting enter after each portion of the log. Definitely wasn't part of documentation but it works.</P> Wed, 15 Jan 2020 16:54:50 GMT https://live.paloaltonetworks.com/t5/general-topics/getting-pan-fw-logs-to-azure-sentinel/m-p/306824#M79695 ChrisRussell 2020-01-15T16:54:50Z https://live.paloaltonetworks.com/t5/general-topics/getting-pan-fw-logs-to-azure-sentinel/m-p/339304#M85223 <P>Would you paste an example of what that would look like?</P> Fri, 17 Jul 2020 20:03:29 GMT https://live.paloaltonetworks.com/t5/general-topics/getting-pan-fw-logs-to-azure-sentinel/m-p/339304#M85223 Learfield 2020-07-17T20:03:29Z