topic Correlation Event logs are not showing the same values as in Summary in General Topics

Correlation Event logs are not showing the same values as in Summary

CSFCSLU — Mon, 13 Jul 2020 21:23:06 GMT

Hi,

We have configured the firewall to forward the correlation event logs to the syslog server. We started verifying the logs in syslog server and found the logs were not matching, all are showing the same value in the syslog server "host visited know malware URL (11 time). Whereas in firewall we see random values.

In Firewall:

In Syslog server:

Please let me know why it always shows 11 time in Syslog server rather than showing the same value as in firewall.

Re: Correlation Event logs are not showing the same values as in Summary

BPry — Tue, 14 Jul 2020 02:46:37 GMT

What PAN-OS version are you currently running?

Re: Correlation Event logs are not showing the same values as in Summary

CSFCSLU — Tue, 14 Jul 2020 13:53:31 GMT

Firewall is running on PAN-OS 9.0.6.

Re: Correlation Event logs are not showing the same values as in Summary

BPry — Thu, 16 Jul 2020 02:49:41 GMT

@CSFCSLU,

So I went and took a look at the logs from my environment just to verify that I'm not seeing the same thing, and at least on 9.0.9-h1 these logs are showing up in my SIEM as expected. If you take a look at the raw syslog data sent to your SIEM, do you still see a discrepancy?