I am hoping this is an "easy" question that I am just missing having been on calls since 4:24 am this morning :smileyconfused:
I have used tcpdump to confirm that one of our PAN firewalls are sending syslog traffic to a specific destination (w.x.y.z) which it is not supposed to. (we don't want it going to that 'collector' for band width reasons - we have a 'closer' collector.
Anyone have a trick to figure out what rule/construct is sending the syslog traffic to server w.x.y.z?
BlueCoat has a "Trace" functionality on their SG-OS that shows the evaluation by each rule as the traffic is evaluated ... that would be helpful... is there a similar thing in PAN-OS?
If we look at the below image we see that the Traffic Log type has a field for "Rule" this would indicate the security rule name that is generating the log.
Hope this is exactly what is being looked for.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!