Predefined syslog filters list please?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Predefined syslog filters list please?

Not applicable

Per 6.0's syslog listener feature (pasted below), can you please provide the list of current vendor filters?

" Determine whether there is a pre-defined syslog filter for your particular syslog sender(s).

Palo Alto Networks provides several

pre-defined syslog filters, which are

delivered as Application content updates and are therefore updated dynamically as new filters are developed."

12 REPLIES 12

L7 Applicator

Hello Sir,

The Filters will be provided through content updates as they become available. At this time, there are not any pre-defined Filters so you would need to manually create them.


SYSLOG-user-id.JPG.jpg


Thanks

So if I understand correctly, you released the feature and documented it yet have yet to develop or release any pre-defined filters? <sigh>

You would have had a day 1 win if you had launched this feature with at least a few pre-defined filters. This is why your customers are so weary of new feature releases - they feel half-baked.

If you're seeking any advice on which predefined filters to create, allow me to selfishly ask for Cisco Wireless Controller (authenticated users), Cisco ASA (VPN users), Cisco IOS, Arista network switches, etc.

Give me some time to test and i will update you soon.

Thanks

Great, thanks! Looking forward to it!

Hopefully this helps.  App Content version 418 or higher is needed.  Thanks.

syslog-pre-defined.png

Thanks, it does! Now just hoping for CIsco Wireless Controller to be added.....  but a great start!

Any chance you can supply those as filter updates in a format that the 6.0 UserID agent can use ? We are a long way off updating to 6.0.0 on the gateways so getting this feature in the UserID agent is great...its just getting it to work is a problem.

Cisco ISE filters would be great as well Smiley Happy.

Has APP content 418 been released yet? I clicked "checked now" on a PAN 6.0 and it shows 417.

Content version 418 is not yet released. Most probably, it will be available before today EOD.

Thanks

L5 Sessionator

version 418 has been released and the filters are now available under Device > User Identification > User Mapping

Cisco Wireless controller does not send username and ip information via syslog. Can send information via SNMP trap or collect information snmp walk.

See cisco document regarding getting information from wireless controller.

Cisco WLC SNMP Historical User Statistics Monitoring (w/ Syslog or Splunk) | Cisco Technical Support...

There is also now a official tech document on the configuration of Predefined syslog filters.

How to Locate the Predefined Syslog Filters in PAN-OS

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
  • 4729 Views
  • 12 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!