05-12-2016 09:21 AM
Hi all, do you know if it is possible to use the syslog parser to obtain device information (for instance, operating system) and use this info in security rules? I am using the syslog parser to obtain the IP-User mapping and it works perfectly; now I would like to obtain more info from the log. I know that the device info is available if you use GlobalProtect and HIP profiles, but I would like to have this feature without installing GlobalProtect (I am thinking of Wi-Fi devices).
Is there any possibility?
Many thanks
Samuel
05-12-2016 11:34 PM
I don't think you can either do that or use that. The syslog listener is designed only to work with User-ID. And even if you managed to extract OS info with some 3rd-party syslog parser, there is no way to use it in FW policy afaik.
It is only used with GP checks.
05-13-2016 01:06 AM
I'd recommend reaching out to your SE to create a feature request.
Currently the syslog parser will only collect username and IP information. Other details like OS need to be detected through HIP checks on an installed GlobalProtect client.