06-24-2020 11:45 PM
While exporting syslog from Palo Alto to Splunk in the default format, what is the default format for config logs?
Where can I see the default format? Next to the hostname, what is that value "1" and where does it come from?
06-25-2020 01:34 AM
Hi @Venkatesan_radhakrishnan,
Guessing that will be vsys:
CEF-style format used for the Config log type:
CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$result|$type|1|rt=$cef-formatted-receive_time deviceExternalId=$serial shost=$host cs3Label=Virtual System cs3=$vsys act=$cmd duser=$admin destinationServiceName=$client msg=$path externalId=$seqno PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSActionFlags=$actionflags cs1Label=Before Change Detail cs1=$before-change-detail cs2Label=After Change Detail cs2=$after-change-detail
Check out all the other CEF-style formats:
Common Event Format (CEF) Configuration Guides
Hope this helps,
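To see where that `1` sits structurally, here is an added example (my own code, not Palo Alto Networks' and not from the reply above) that parses a line built from the Config template quoted above. The CEF specification defines the header as seven `|`-separated positional fields, Version, Device Vendor, Device Product, Device Version, Signature ID, Name and Severity, so the `1` after `$type` occupies the Severity slot, while `vsys` only appears later, in the `cs3`/`PanOSVsysName` extension keys. The sample line and all its values are constructed, and it omits the syslog prefix (timestamp and hostname) that precedes `CEF:` on the wire.

```python
import re

# Constructed sample, filled in from the CEF-style Config template quoted in
# the reply above. Every value is invented for illustration; it is not a real
# device's log, and the syslog timestamp/hostname prefix is omitted.
SAMPLE_CONFIG_LOG = (
    "CEF:0|Palo Alto Networks|PAN-OS|9.1.3|Succeeded|CONFIG|1|"
    "rt=Jun 25 2020 01:34:00 GMT deviceExternalId=001234567890 shost=10.0.0.5 "
    "cs3Label=Virtual System cs3=vsys1 act=set duser=admin "
    "destinationServiceName=Web msg=vsys vsys1 rulebase security rules allow-web "
    "externalId=42 PanOSDGl1=0 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 "
    "PanOSVsysName=vsys1 dvchost=pa-fw-01 PanOSActionFlags=0x0 "
    "cs1Label=Before Change Detail cs1=none "
    "cs2Label=After Change Detail cs2=action allow"
)

# The seven positional header fields defined by the CEF specification, in order.
CEF_HEADER_FIELDS = (
    "version", "device_vendor", "device_product", "device_version",
    "signature_id", "name", "severity",
)

# A '|' ends a header field unless it is escaped as '\|'.
_HEADER_SEP = re.compile(r"(?<!\\)\|")
# An extension key is a bare identifier followed by '=' at the start of the
# extension or after whitespace; a value runs until the next such key.
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")


def _unescape(value):
    return value.replace("\\|", "|").replace("\\=", "=").replace("\\\\", "\\")


def parse_cef(line):
    """Split a CEF line into (header dict, extension dict)."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    body = line[len("CEF:"):]
    # At most seven splits: everything after the seventh '|' is the extension.
    parts = _HEADER_SEP.split(body, maxsplit=len(CEF_HEADER_FIELDS))
    if len(parts) < len(CEF_HEADER_FIELDS):
        raise ValueError("CEF header has fewer than 7 fields")
    header = {name: _unescape(val) for name, val in zip(CEF_HEADER_FIELDS, parts)}
    extension = parts[len(CEF_HEADER_FIELDS)] if len(parts) > len(CEF_HEADER_FIELDS) else ""
    return header, parse_extension(extension)


def parse_extension(extension):
    """Parse 'key=value key2=value with spaces' into a dict."""
    keys = list(_EXT_KEY.finditer(extension))
    fields = {}
    for i, match in enumerate(keys):
        start = match.end()
        end = keys[i + 1].start() if i + 1 < len(keys) else len(extension)
        fields[match.group(1)] = _unescape(extension[start:end].strip())
    return fields


def resolve_labels(fields):
    """Expose csN/cnN fields under the names their csNLabel/cnNLabel give them."""
    resolved = dict(fields)
    for key, label in fields.items():
        if not key.endswith("Label"):
            continue
        base = key[:-len("Label")]
        if base in fields:
            resolved[label] = fields[base]
    return resolved


def describe_config_event(line):
    """Pull out the fields a reviewer of a PAN-OS config change cares about."""
    header, ext = parse_cef(line)
    ext = resolve_labels(ext)
    return {
        "severity_slot": header["severity"],   # the literal '1' in the template
        "result": header["signature_id"],      # $result
        "vsys": ext.get("Virtual System"),     # cs3, named by cs3Label
        "vsys_name": ext.get("PanOSVsysName"),
        "admin": ext.get("duser"),
        "command": ext.get("act"),
        "path": ext.get("msg"),
        "after": ext.get("After Change Detail"),
    }


if __name__ == "__main__":
    for key, value in describe_config_event(SAMPLE_CONFIG_LOG).items():
        print(f"{key:14} {value}")
```

Running it prints `severity_slot 1` from the header and `vsys vsys1` from the extension, which is the quickest way to confirm which slot a given value came from when a SIEM field mapping looks off. Note that the parser only honours the `\|`, `\=` and `\\` escapes CEF defines; a value with an unescaped `word=` inside it would be split at that point, which is a known limitation of the format rather than of the firewall.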
06-25-2020 01:38 AM
I don't think it is vsys, because that is mentioned at the end of the format.
06-25-2020 11:57 AM
Do you know what that value "1" is?