I know there is no log type for URL and data filtering in the syslog server profile.
But my customer wants to receive these two logs in their ESM system via syslog.
Is there a way?
Please let me know if there is.
I also have a question.
Panorama receives these logs (URL, data) from the FW.
Why is it able to receive them?
URL logs are stored as "informational" threat logs on the PA device.
So, in your log forwarding profile, under Threat, enable "informational" severity. This should enable URL log forwarding to your syslog server.
Something similar to your question was discussed in: https://live.paloaltonetworks.com/message/13326#13326
Like achitwadgi said: if you are receiving URL logs on Panorama, then the firewall should have had log forwarding configured. In the GUI: Objects > Log Forwarding Profile, there should have been a profile created with the Panorama check box checked for "informational" severity. This profile should then be applied to the security rules.
Thank you for your answer, achitwadgi and dreputi.
FWs send URL logs via syslog as threat logs with informational severity. (The value of the threat subtype field is url.)
FWs also send file logs via syslog as threat logs with low severity. (The value of the threat subtype field is file.)
Low severity includes the alert, allow, forward and deny actions on file logs.
The wildfire-upload-skip action is informational severity.
Is that right?
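On the ESM side, URL and file/data filtering entries arrive as threat logs, so the collector has to separate them from other threat events by the subtype field. The sketch below is an added example, not code from this thread or from Palo Alto Networks; the field positions (type at index 3, subtype at index 4) and the shortened sample lines are assumptions to check against the syslog field description for your PAN-OS version.

```python
import csv
from collections import defaultdict

# Assumed positions in the comma-separated payload; verify for your PAN-OS version.
TYPE_IDX = 3      # log type, e.g. THREAT or TRAFFIC
SUBTYPE_IDX = 4   # threat subtype, e.g. url, file, data, vulnerability
FILTERING_SUBTYPES = {"url", "file", "data"}

# Constructed, shortened sample lines; fields after the subtype are placeholders.
SAMPLE_LINES = [
    '<14>Mar  1 12:00:00 fw1 1,2024/03/01 12:00:00,001234567890,THREAT,url,1,"example.com/a,b"',
    '<14>Mar  1 12:00:01 fw1 1,2024/03/01 12:00:01,001234567890,THREAT,file,1,report.pdf',
    '<14>Mar  1 12:00:02 fw1 1,2024/03/01 12:00:02,001234567890,THREAT,vulnerability,1,',
    '<14>Mar  1 12:00:03 fw1 1,2024/03/01 12:00:03,001234567890,TRAFFIC,end,1,',
    'truncated,line',
]


def classify(line):
    """Return url/file/data, threat-other, non-threat or malformed for one line."""
    # csv.reader keeps a quoted URL that contains commas as a single field,
    # which a plain line.split(",") would not.
    fields = next(csv.reader([line]), [])
    if len(fields) <= SUBTYPE_IDX:
        return "malformed"
    if fields[TYPE_IDX].upper() != "THREAT":
        return "non-threat"
    subtype = fields[SUBTYPE_IDX].lower()
    return subtype if subtype in FILTERING_SUBTYPES else "threat-other"


def route(lines):
    """Group raw syslog lines by classification so each bucket can feed its own rule."""
    buckets = defaultdict(list)
    for line in lines:
        buckets[classify(line)].append(line)
    return dict(buckets)


if __name__ == "__main__":
    for bucket, items in sorted(route(SAMPLE_LINES).items()):
        print(f"{bucket}: {len(items)}")
```

Malformed lines get their own bucket rather than being dropped, so a format change after a PAN-OS upgrade shows up as a count instead of as silently missing URL logs.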