Sending Before Change and After Change details in Panorama to Syslog

L1 Bithead


I've been testing the logging of change events to a syslog server from Panorama. Syslog events indicate a change made by a person and the general section of the change without giving any specific details of what was changed. Looking in Panorama in the Monitor tab, I can see the change event and some details that are sent to syslog, but the details of the configuration change as displayed in the Before Change and After Change fields are all missing. Is there a way to include those fields as part of a syslog event when a configuration item is changed?

Here is the syslog event as recorded by Wireshark. The time, command, username, IP of system making the change, Result, Configuration Path and Sequence No. all show up in the syslog entry. However, the details of the change do not.

Capture2.JPG

The information I want sent in the syslog is highlighted below.

Capture1.JPG

Does anyone know how to include the Before/After Change details as part of the syslog event?  Remember this is on Panorama.

Thanks!

Sc

L5 Sessionator

Re: Sending Before Change and After Change details in Panorama to Syslog

Have you added the "after-change-detail" and the "before-change-detail" under the syslog server profile settings as shown below?

Panorama--->server profiles--->Syslog-->Syslog-server-profile--->custom log format--->config

syslog setting.JPG

BR,

Karthik

L4 Transporter

Re: Sending Before Change and After Change details in Panorama to Syslog

Hello,

Looking at the image below, yes, for the config logs we do have the before and after change fields that can be sent out through syslog from Panorama.

I used a lab device to share this image; it was on 5.1.1, and I did not test with 5.0.X images. What version are you running?

Also, if Wireshark shows that the PAN is not generating the fields for Before and After change, then please open a case with us and upload the Wireshark captures, and we will be happy to get this going for you.

before-after.PNG
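A check that can run on the syslog collector to confirm that forwarded config events actually carry the before/after detail discussed in this thread. This is an added example, not code from the posters or from Palo Alto Networks; the key="value" layout, the key names, the command and result strings, the backslash escaping and the sample lines are all assumptions constructed for illustration.

```python
import re

# Assumed layout for this example: the custom config log format emits
# key="value" pairs, with before="..." and after="..." carrying the
# before-change-detail and after-change-detail fields. Key names, command
# names and the "Succeeded" result string are assumptions, not Panorama output.
PAIR = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')
CHANGE_CMDS = {"set", "edit", "delete"}

def parse_event(line):
    """Return the key="value" pairs of one syslog line as a dict."""
    return {k: v.replace('\\"', '"') for k, v in PAIR.findall(line)}

def missing_detail(line):
    """True when a successful change event has neither before nor after detail."""
    ev = parse_event(line)
    if ev.get("cmd") not in CHANGE_CMDS or ev.get("result") != "Succeeded":
        return False
    # A create has an empty "before" and a delete an empty "after";
    # only an event with both empty or absent has lost its detail.
    return not (ev.get("before") or ev.get("after"))

def audit(lines):
    """Return the seqno of every change event that arrived without detail."""
    return [parse_event(l).get("seqno") for l in lines if missing_detail(l)]

# Constructed sample lines (not captured from a real device).
HDR = "<14>Jan 10 10:00:0{} panorama-lab "
SAMPLE = [
    HDR.format(1) + r'cmd="set" admin="alice" result="Succeeded" '
    r'path="shared address web-01" before="" after="ip-netmask 192.0.2.10/32" seqno="101"',
    HDR.format(2) + r'cmd="edit" admin="bob" result="Succeeded" '
    r'path="shared address web-02" before="" after="" seqno="102"',
    HDR.format(3) + r'cmd="delete" admin="alice" result="Succeeded" '
    r'path="shared address web-03" before="ip-netmask 192.0.2.11/32" after="" seqno="103"',
    # No before/after keys at all, as when the custom format omits the fields.
    HDR.format(4) + r'cmd="set" admin="bob" result="Succeeded" '
    r'path="shared address web-04" seqno="104"',
    HDR.format(5) + r'cmd="commit" admin="alice" result="Succeeded" path="" seqno="105"',
    HDR.format(6) + r'cmd="set" admin="bob" result="Succeeded" '
    r'path="shared address dmz-01" before="" after="description \"dmz host\"" seqno="106"',
]

if __name__ == "__main__":
    for seq in audit(SAMPLE):
        print("config change without before/after detail, seqno", seq)
```
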
