threat syslog forwarding panorama -> ossim

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

threat syslog forwarding panorama -> ossim

L1 Bithead

HI,

I have some problems with forwarding threat syslog events from Panorama to OSSIM.

We have several PA and they forward their threat logs to our Panorama Appliance via SSL

Now we need this Threatlogs at our OSSIM System as well.

Because of, Policy restrictions we can not syslog directly from our PAs to our OSSIM System,

so i want use the Panorama instead.

But the only syslog information i got are general information logs

How do i get my Panorama to forward the threatlogs to our OSSIM System?

thx

Pascal

3 REPLIES 3

L3 Networker

First make sure your device is sending all severities to panorama.  Next check to make sure panorama is sending all log forwarding to the configured syslog under the objects tab and log forwarding.

Under Objects->Log Forwarding-->Log Type->Threat

For all Severenity there ist the Syslog Server and Panorama configured.

So the PA send all Logs to the Panorama and the syslog server, but because of Firewall policies between the PAs and the syslog server it is not allowed to forwoard syslog through the firewall

And the PAs communicate over ssl witch the panorma which is allowed

there are no firewall restrictions between Panorama and the syslog server

So I want the Panorama to forward the threat logs from all our PAs to the syslog server,

but the only syslogs the Panorama forwards are System logs from the Panorama itself but not any of the logs which the PAs send to the Panorama

So my Problem is how to configure the log forwarding of the threatlogs, which where send over ssl to the panorama,

now from the panorama to the syslog server

Bumping this thread. Also interested if anyone has seen this. Thanks.

  • 3042 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!