05-06-2022 03:08 PM
Entire company uses log analytics and Sentinel for logging.
Found this excellent article below on how to accomplish this task.
https://davicruz.com/en-US/azure-sentinel/2021/03/rsyslog-sentinel-log-forwarder
Has anyone done this before?
I have stand-alone PA's that are now dumping syslog to Splunk.
Splunk is being replaced with log analytics.
Thanks
05-09-2022 02:43 PM
Hi @dmoore-acc360 ,
I would assume that you have figured out how to set up the collector - enabling the connector in AZ Sentinel should give you all the steps for installing and preparing the syslog listener.
From the firewall perspective you first need to create a Syslog profile with customized formatting. Because Sentinel expects CEF, you need to tell the firewall to use CEF for each log type (that you want to forward to Sentinel).
On the following link you will find documentation on how to define the CEF format for each log type based on PAN-OS version. - https://docs.paloaltonetworks.com/resources/cef
I have noticed some issues with 9.1, which I have described here - https://live.paloaltonetworks.com/t5/globalprotect-discussions/pan-os-9-1-globalprotect-cef-format/m...
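As a defender-side sanity check, added here and not part of either post, a small Python parser that confirms a firewall syslog line is well-formed CEF (the "CEF:" prefix, seven pipe-separated header fields with escaped pipes, a 0-10 severity, and key=value extensions) before the Sentinel connector is pointed at the listener. The sample line is constructed; its field values are assumptions for the example, not the PAN-OS mapping from the linked documentation.

```python
import re

# Constructed sample in the shape of a PAN-OS traffic log rendered as CEF
# (not real firewall output; the values are made up for this example).
SAMPLE_CEF = (
    "CEF:0|Palo Alto Networks|PAN-OS|9.1.0|end|TRAFFIC|3|"
    "rt=May 06 2022 15:08:00 src=10.0.0.5 dst=203.0.113.7 spt=51234 dpt=443 "
    "act=allow msg=rule web-out\\= allowed"
)

HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")


def _split_header(line):
    """Return (header fields, extension string); '\\|' and '\\\\' are unescaped."""
    fields, buf, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):        # escaped pipe or backslash
            buf.append(line[i + 1]); i += 2
        elif ch == "|":
            fields.append("".join(buf)); buf = []; i += 1
        else:
            buf.append(ch); i += 1
    return fields, line[i:]


def _unescape(value):
    """Undo CEF extension escaping: '\\=' '\\\\' and the '\\n' / '\\r' sequences."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_cef(line):
    """Parse one CEF line into its header fields plus an extension dict.
    Raises ValueError for anything that is not structurally valid CEF."""
    if not line.startswith("CEF:"):
        raise ValueError("line does not start with 'CEF:'")
    fields, ext = _split_header(line[len("CEF:"):])
    if len(fields) != 7:
        raise ValueError(f"expected 7 '|'-separated header fields, got {len(fields)}")
    if not fields[6].isdigit() or not 0 <= int(fields[6]) <= 10:
        raise ValueError(f"severity must be an integer 0-10, got {fields[6]!r}")
    record = dict(zip(HEADER_FIELDS, fields))
    # A new extension key starts only after whitespace; a literal '=' inside a
    # value must be escaped as '\=' per the CEF spec, so the split is safe.
    record["extension"] = {}
    for pair in re.split(r"\s+(?=\w+=)", ext.strip()) if ext.strip() else []:
        key, _, value = pair.partition("=")
        record["extension"][key] = _unescape(value)
    return record


if __name__ == "__main__":
    print(parse_cef(SAMPLE_CEF))
```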