vm-300 syslog to Azure Sentinel

L0 Member

I am trying to set up syslog forwarding to Azure Sentinel, but the vm-300 does not send Threat logs.

I created a syslog server on UDP 514 and used https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/cef/pan-os-91-cef-configuration-gui... for the custom CEF format.

I configured the log forwarder to forward all threat logs.

I configured the policies to use the log forwarder rule.

When I run a tcpdump on the syslog server, I don't see any logs coming in.

When I configure the traffic logs as above, I do get all the logs.