06-09-2026 10:33 PM
In our Panorama syslog forwarding we can see logs are sent in the Default Format . We need to change it to a customized format .
Default Format :
<14>May 27 20:07:50 FW1 1,2026/05/27 20:07:49,016201049542,CONFIG,0,2562,2026/05/27 20:07:50,10.252.40.134,,set,ADMCREGT,Web,Succeeded, deviceconfig high-availability group,7618904982443524109,0x8000000000000000,0,0,0,0,,FW1,0,,0,2026-05-27T20:07:50.087+00:00,/config/devices/entry[@name='localhost.localdomain']/deviceconfig/high-availability/group
Required Customized format
Config:
CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$result|$type|1|rt=$cef-formatted-receive_time deviceExternalId=$serial shost=$host cs3Label=Virtual System cs3=$vsys act=$cmd duser=$admin destinationServiceName=$client msg=$path externalId=$seqno PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSActionFlags=$actionflags cs1Label=Before Change Detail cs1=$before-change-detail cs2Label=After Change Detail cs2=$after-change-detail
06-10-2026 10:44 AM
Hi @R.Muniyappa ,
Yes, you can. Define your custom log settings under Panorama > Server Profiles > [edit server profile] > Custom Log Format.
Thanks,
Tom
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
