I have some problems with forwarding threat syslog events from Panorama to OSSIM.
We have several PAs, and they forward their threat logs to our Panorama appliance via SSL.
Now we need these threat logs at our OSSIM system as well.
Because of policy restrictions, we cannot syslog directly from our PAs to our OSSIM system,
so I want to use the Panorama instead.
But the only syslog information I got is general information logs.
How do I get my Panorama to forward the threat logs to our OSSIM system?
First, make sure your device is sending all severities to Panorama. Next, check to make sure Panorama is sending all log forwarding to the configured syslog under the Objects tab and Log Forwarding.
Under Objects -> Log Forwarding -> Log Type -> Threat:
For all severities, the syslog server and Panorama are configured.
So the PAs send all logs to the Panorama and the syslog server, but because of firewall policies between the PAs and the syslog server, it is not allowed to forward syslog through the firewall.
And the PAs communicate over SSL with the Panorama, which is allowed.
There are no firewall restrictions between Panorama and the syslog server.
So I want the Panorama to forward the threat logs from all our PAs to the syslog server,
but the only syslogs the Panorama forwards are system logs from the Panorama itself, not any of the logs which the PAs send to the Panorama.
So my problem is how to configure the log forwarding of the threat logs, which were sent over SSL to the Panorama,
now from the Panorama to the syslog server.