Correlation Event logs are not showing the same values as in Summary

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Correlation Event logs are not showing the same values as in Summary

L0 Member

Hi,

 

We have configured the firewall to forward the correlation event logs to the syslog server. We started verifying the logs in syslog server and found the logs were not matching, all are showing the same value in the syslog server "host visited know malware URL (11 time). Whereas in firewall we see random values.

 

In Firewall:

CSFCSLU_0-1594674922533.png

In Syslog server:

CSFCSLU_1-1594675215685.png

Please let me know why it always shows 11 time in Syslog server rather than showing the same value as in firewall.

3 REPLIES 3

Cyber Elite
Cyber Elite

What PAN-OS version are you currently running?

Firewall is running on PAN-OS 9.0.6.

@CSFCSLU,

So I went and took a look at the logs from my environment just to verify that I'm not seeing the same thing, and at least on 9.0.9-h1 these logs are showing up in my SIEM as expected. If you take a look at the raw syslog data sent to your SIEM, do you still see a discrepancy?

  • 2317 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!