I have a concern regarding GlobalProtect log forwarding, for forwarding the logs to the QRadar SIEM tool.
The concern is whether GlobalProtect supports LEEF format. If it does, I want a document that contains the required GlobalProtect fields to be sent to the SIEM tool.
I want to confirm two things. Does GlobalProtect support LEEF format?
If it does, could you please share the required document or the full details that need to be in place to forward the logs to QRadar from PA devices?
Does GlobalProtect provide public IP address details to the SIEM tool, or can both public and private addresses be shown?
I have also found documents like these, but with no mention of GlobalProtect.
Nowhere is there a mention of GlobalProtect syslog forwarding to QRadar in LEEF format.
Kindly in need of your assistance, guys.
Some of the details mention the word syslog. This does not literally mean a syslog server, but is more of an abbreviation for a system logging server, which QRadar comes under. Some helpful notes here may be of some assistance.
Hi, we have already configured all the fields, but we are in need of a GlobalProtect LEEF format, which is the only thing that needs to be configured in the syslog server profile.
So I'm in need of a LEEF format log transfer for GlobalProtect alone. Kindly share any document regarding the GlobalProtect LEEF format.
Thanks for sharing