09-23-2024 11:01 AM
I have purchased a PA-440 Palo Alto Firewall. I want to send Syslog from it to an Ubuntu Server in JSON format.
I am sending Syslog from the firewall to an Ubuntu Server using "Device > Server Profiles > Syslog":
The syslogs that I receive look like this, and are CSV(?) - not JSON:
<14>Sep 23 20:01:11 PA-440 1,2024/09/23 20:01:11,021201133296,TRAFFIC,end,2561,2024/09/23 20:01:11,10.10.10.103,20.190.177.21,192.168.10.20,22.120.127.11,rule1,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,LFP LimaCharlie FW,2024/09/23 20:01:11,121977,1,60637,443,39335,443,0x40041c,tcp,allow,23588,6260,17328,30,2024/09/23 20:00:56,1,any,,7408146363088945002,0x0,10.0.0.0-10.255.255.255,France,,13,17,tcp-fin,0,0,0,0,,PA-440,from-policy,,,0,,0,,N/A,0,0,0,0,a6854971-45bb-499a-86fd-30008807b6e1,0,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2024-09-23T20:01:11.522+02:00,,,encrypted-tunnel,networking,browser-based,4,"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use",,ssl,no,no,0
I have managed to send JSON traffic using a Fortigate firewall, so I would imagine that Palo Alto could do the same.
09-23-2024 09:05 PM
Hi @SoloSigma ,
Currently, there isn't native support for sending syslog in JSON. You can try retrieving JSON logs via API.
09-23-2024 11:20 PM
Are there any plans to make it an option to send Syslogs as JSON?
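Given the reply that the firewall does not emit JSON syslog natively, the conversion can be done on the Ubuntu receiver instead. The following is an added example, not code from the thread or from Palo Alto Networks: it parses the TRAFFIC line from the first post into JSON. The key names are chosen here, and the column order assumes the default (non-custom) log format.

```python
import csv
import json
import re

# Key names are chosen for this example. The column order assumes the default
# (non-custom) TRAFFIC log format, matching the sample line from the thread.
TRAFFIC_FIELDS = [
    "future_use_1", "receive_time", "serial", "type", "subtype",
    "future_use_2", "generated_time", "src", "dst", "natsrc", "natdst",
    "rule", "srcuser", "dstuser", "app", "vsys", "from_zone", "to_zone",
    "inbound_if", "outbound_if", "log_action", "future_use_3", "sessionid",
    "repeatcnt", "sport", "dport", "natsport", "natdport", "flags", "proto",
    "action", "bytes", "bytes_sent", "bytes_received", "packets", "start",
    "elapsed", "category",
]
INT_FIELDS = ("sessionid", "repeatcnt", "sport", "dport", "natsport",
              "natdport", "bytes", "bytes_sent", "bytes_received", "packets",
              "elapsed")
HEADER = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")

# The log line posted in the thread, unchanged.
SAMPLE = '<14>Sep 23 20:01:11 PA-440 1,2024/09/23 20:01:11,021201133296,TRAFFIC,end,2561,2024/09/23 20:01:11,10.10.10.103,20.190.177.21,192.168.10.20,22.120.127.11,rule1,,,ssl,vsys1,trust,untrust,ethernet1/2,ethernet1/1,LFP LimaCharlie FW,2024/09/23 20:01:11,121977,1,60637,443,39335,443,0x40041c,tcp,allow,23588,6260,17328,30,2024/09/23 20:00:56,1,any,,7408146363088945002,0x0,10.0.0.0-10.255.255.255,France,,13,17,tcp-fin,0,0,0,0,,PA-440,from-policy,,,0,,0,,N/A,0,0,0,0,a6854971-45bb-499a-86fd-30008807b6e1,0,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2024-09-23T20:01:11.522+02:00,,,encrypted-tunnel,networking,browser-based,4,"used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use",,ssl,no,no,0'


def traffic_to_json(line):
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("unrecognised syslog header")
    pri, stamp, host, payload = m.groups()
    # csv.reader keeps the double-quoted field (which contains commas) as one
    # column; a plain split(",") would shift every column after it.
    fields = next(csv.reader([payload]))
    if len(fields) < len(TRAFFIC_FIELDS) or fields[3] != "TRAFFIC":
        raise ValueError("not a default-format TRAFFIC record")
    record = {k: v for k, v in zip(TRAFFIC_FIELDS, fields)
              if not k.startswith("future_use")}
    for key in INT_FIELDS:
        record[key] = int(record[key])
    record["syslog"] = {"facility": int(pri) >> 3, "severity": int(pri) & 7,
                        "timestamp": stamp, "host": host}
    # Columns past "category" are kept positionally rather than guessed at.
    record["unmapped"] = fields[len(TRAFFIC_FIELDS):]
    return json.dumps(record)


if __name__ == "__main__":
    print(traffic_to_json(SAMPLE))
```

Other log types (THREAT, SYSTEM and so on) use different column layouts and are rejected by this function rather than mislabelled.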