Sawmill with PAN URL logs

vinesh — Tue, 13 Jul 2010 14:47:27 GMT

Hello,

has anyone integrated PAN URL logs successfully with Sawmill for detailed reporting?

Would need some help on that given that we need to get browse time per user.

thanks

Re: Sawmill with PAN URL logs

mharding — Tue, 13 Jul 2010 18:31:48 GMT

Looks like you'll need to setup a syslog profile to use Sawmill from this document.

https://live.paloaltonetworks.com/docs/DOC-1418

Re: Sawmill with PAN URL logs

rmonvon — Thu, 15 Jul 2010 18:43:56 GMT

Here the basic instruction to use Sawmill Reporter to process PAN log to get URL web browse time (session).

This assumes that the PA unit has been configured to upload the threat log (version 2.x) or the url log (version 2.1 or higher) to a syslog server. The log file is accessible to sawmill via a network drive, FTP server, or hTTP server. Here, sawmill is installed on the same server as the syslog server.

- Go to http://www.sawmill.net/download.html, download the latest 'Professional' version, & install.
- Stop the sawmill service in Windows Services, copy & put the plug-in file (palo_alto_networks_firewall_URL.cfg) in the LogAnalysisInfo/log_formats directory, and restart the service.
- Create a New Profile in Sawmill, point to the log source, auto detect the log format, and choose format = "Palo Alto Networks Firewall Threat Log Format (URL Browse Time)"

The result will have "Session" in the Report, and session=browse time.

topic Re: Sawmill with PAN URL logs in General Topics

Sawmill with PAN URL logs

Re: Sawmill with PAN URL logs

Re: Sawmill with PAN URL logs