Syslog parser

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Syslog parser

L2 Linker

Hi all, do you know if it is possible to use the syslog parser to obtain device information (for instance Operating system) and use this info in security rules?. I am using the syslog parser to obtain the IP-User mapping and it works perfectly, now I would like to obtain more info from the log. I know that the device info is available if you use GlobalProtect and HIP profiles but I would like to have this feature without install globalprotect (I am thinking in Wifi devices)

 

Is there any possibility?

 

Many thanks

 

Samuel 

2 REPLIES 2

L6 Presenter

I don't think you can either do that or use that. Syslog listerner is designed only to work with User-ID. And even if you managed to extract OS info by some 3rd party syslog parser there is no way to use it in FW policy afaik. 

It is only used with GP checks.

I'd recommend reaching out to your SE to create a feature request

 

currently the syslog parser will only collect username and IP information. other details like OS need to be detected through HIP checks on an installed GlobalProtect client

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 2085 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!