This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Output detailed HIP logs to syslog

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Output detailed HIP logs to syslog

tmhorne
L1 Bithead

‎04-11-2019 08:20 AM

Does anybody know how to output the detailed HIP match logs to syslog?

As it stands, we've got to go to Monitor > HIP Match > Magnifying Glass Icon to see them.

We'd like to send this rich data set to Splunk or another tool to write reports against. 

 

 

scresnshot.png

3 people had this problem.
5 REPLIES 5

Mick_Ball
L7 Applicator

‎04-11-2019 08:49 AM

I use HIP myself and only log to panorama but there is a setting in device\log settings for HIP, have you tried this, it only displays a match and what you called the HIP check so may not be enough information.

0 Likes Likes

tmhorne
L1 Bithead
In response to Mick_Ball

‎04-11-2019 08:54 AM

I'm already sending Hip Match logs off via syslog, but it is only summary logs. It does not have the rich data that you get when you hit the magnifying glass.

 

 

0 Likes Likes

ChrisCapra
L1 Bithead
In response to tmhorne

‎06-19-2020 11:52 AM

I have the same question as starting to implement this. 

Is there a back end database or a CLI command that will output the rich info that magnifier glass provides ? I am guessing there is a way to do it since the data is there and available. Creating the HIP Objects and Profiles is good but is just basic info and is mostly on/off  for example if a system has antivirus or not, if installed or not, does not give specific info with the version and version number. 

Looking on how to pull the rich info that the magnifier glass provides. 

Help appreciated. 

0 Likes Likes

Mick_Ball
L7 Applicator
In response to tmhorne

‎06-19-2020 12:00 PM

Have a look here...

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClshCAC

 

Not had chance myself as the wine doth floweth at a somewhat rapid pace...

 

a bit of scripting or api call may be required for automation.

 

 

 

 

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to ChrisCapra

‎06-19-2020 08:47 PM

@tmhorne,

As @Mick_Ball's KB article states, this is kept in a local database and isn't really exposed in an easy format to get it exported off of the firewall. The firewall's own API isn't going to be very handy in this type of situation either, given the nature of the command required to access information held in that local database. 

I would actually look at pulling in the client's GlobalProtect logs instead of dumping them from the firewall's database. That's easier to maintain and will give you the information in the exact same format if it's desired. 

0 Likes Likes
  • 5743 Views
  • 5 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks