Free visualisation (NOC screenboards) for PANW firewall performance/monitoring using Elastic Stack

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Free visualisation (NOC screenboards) for PANW firewall performance/monitoring using Elastic Stack

L2 Linker

I was looking for ways to provide 'at-a-glance' visualisation of PANW firewall health, including traffic, threat, system & config logs. The stock capabilities, including ACC, are decent but somewhat lacking in providing NOC-style dashboards.

 

Inspired by other visualisation solutions I've seen around, such as the Splunk App & Graylog dashboards, I spent the last 48 hours tinkering with ElasticStack 6.1 and came up with a series of 9 dashboards (and 66 visualisations) that can be derived from PANW Firewall syslogs.

 

Dashboard examples here;

There's another 4 dashboards too (Config, Threat [Warning+], URL & Blocked URLs)

 

The process of spinning up a Linux/Windows VM & installing Elastic Stack is pretty painless. Once done, dropping in the files required to create a syslog instance, ingest the syslogs and output the visualisations/dashboard is quite easy

 

I've put all the relevant information, including a full tutorial on installing Elastic Stack, up on GitHub: https://github.com/sm-biz/paloalto-elasticstack-viz

 

If anyone's interested, have a look and provide feedback. Any other types of dashboards that would be useful?

(Note: Wildfire dashboard is still-to-come, I need to generate some sample data)

2 REPLIES 2

L0 Member

Can you please post any video tutorial for this ELK + palo alto log monitoring.

L3 Networker

Awesome. Thanks. Took me about a day to get this up and running on Ubuntu 18. The installation of Java 8 has changed, the PPA repo is no longer a viable solution, had to install it manually. The only other thing that tripped me up was the sysylog port, it was 5514 instead of the usual 514. Once I changed that on the syslog forward in the PA, everything started flowing ing in.

____________________

Just another I.T. Guy

  • 4919 Views
  • 2 replies
  • 7 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!