This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Palo alto splunk syslog view

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Palo alto splunk syslog view

Venkatesan_radhakrishnan
L4 Transporter

‎06-24-2020 11:45 PM

 
 

Hi Community,

 

While exporting syslog from palo alto splunk in default format, what is the default format for config logs.

 

Where I can see the default format. Next to hostname what is that value "1" where it comes from?

 

output.jpg

0 Likes Likes
3 REPLIES 3

kiwi
Community Team Member

‎06-25-2020 01:34 AM

Hi @Venkatesan_radhakrishnan ,

 

Guessing that will be vsys:

 

CEF-style format that was used for Config log type :

 

CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$result|$type|1|rt=$cef-formatted-receive_time deviceExternalId=$serial shost=$host cs3Label=Virtual System cs3=$vsys act=$cmd duser=$admin destinationServiceName=$client msg=$path externalId=$seqno PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSActionFlags=$actionflags cs1Label=Before Change Detail cs1=$before-change-detail cs2Label=After Change Detail cs2=$after-change-detail

 

Check out all other CEF-style formats :

Common Event Format (CEF) Configuration Guides 

 

Hope this helps,

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
0 Likes Likes

Venkatesan_radhakrishnan
L4 Transporter
In response to kiwi

‎06-25-2020 01:38 AM

Hi @kiwi 

 

I don't think so it is vsys, because it is mentioned in the last stage of format. 

 

Regards

venky

0 Likes Likes

Venkatesan_radhakrishnan
L4 Transporter
In response to Venkatesan_radhakrishnan

‎06-25-2020 11:57 AM

Hi Community,

 

Did you guess know what that value "1"

 

Jun 25 11:44:54 172.16.3.30 Jun 25 22:52:00 PA-VM 1,2020/06/25 22:52:00,015351000048743,CONFIG,0,0,2020/06/25 22:52:00,192.168.167.94,,commit,venky,Web,Submitted,,9377,0x0,0,0,0,0,,PA-VM
0 Likes Likes
  • 3217 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks