Threat log forwarding from unlicensed PA device?

Reply
Highlighted
L4 Transporter

Threat log forwarding from unlicensed PA device?

Hi folks,

I believe I know the answer, but wanting to make sure I understand.  I am configuring log forwarding to a Varonis server for testing.  I've been sending the traffic log, but Varonis will only process the Threat log.  

 

I've configured the Threat in the Log forwarding profile, Vulnerability profie, etc and assigned it to my security rule, but my threat log is empty in general.  I assuming this is because my device is unlicensed?  Pa200 7.1.15.  I guess I was hoping that something (anything) would go through.

 

Just checking if there are comments before I give up for now.  :)

 

pasyslog.jpg

Tags (1)

Accepted Solutions
Highlighted
Cyber Elite

Agreed that without a license, you will not get the AV/Spyware/Vuln signature to match.

 

You could test with enabling Zone Protection Profile and DoS Protection Policies and force an attempted ping flood attack or port scan, or whatever... something that would "hit" as a threat in the logs, but does not require a licensed feature from PANW.

 

Thanks

Help the community: Like helpful comments and mark solutions

View solution in original post


All Replies
Highlighted
Cyber Elite

Agreed that without a license, you will not get the AV/Spyware/Vuln signature to match.

 

You could test with enabling Zone Protection Profile and DoS Protection Policies and force an attempted ping flood attack or port scan, or whatever... something that would "hit" as a threat in the logs, but does not require a licensed feature from PANW.

 

Thanks

Help the community: Like helpful comments and mark solutions

View solution in original post

Highlighted
Cyber Elite

I think you can forward the threat logs  without having the threat license.

MP
L4 Transporter

Without a licence there are no threats to forward.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!