04-24-2024 12:29 AM - edited 04-24-2024 12:34 AM
Hello Team,
I am working on the Prisma Access syslog CSV format. We are able to forward and receive CSV logs successfully.
Now, I am trying to understand the format. I was able to understand the message part, as all the field details are clearly provided in the Palo Alto documentation. However, the header is where I am looking for a little clarity. Following is the sample header of an old log (a few things masked):
889 <14>1 2022-09-29T13:57:16.953Z stream-logfwd20-xxxxxxxx--xxxxxxxx-xxxx-abcxyz-1x2x logforwarder - panwlogs -
I want to know:
1. What are "logforwarder" and "panwlogs"? And are these going to be static?
2. Syslog header structure.
3. How can I differentiate logs coming from Panorama vs Prisma Access via CDL?
Any support document or help regarding the above points would be really appreciated.
Thank you.
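Added example, not part of the original post or of Palo Alto's documentation: the posted sample has the shape of an RFC 5424 syslog header, so this parser splits it on that assumption and applies a CSV reader to whatever follows. Reading the leading `889` as an RFC 6587 octet count is also an assumption, and the function name, field names and the second sample line are constructed for illustration.

```python
import csv
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
# The optional leading number is read as an RFC 6587 octet count (assumption).
HEADER_RE = re.compile(
    r"^(?:(?P<frame_len>\d+) )?"
    r"<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<app_name>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<structured_data>-|(?:\[(?:[^\]\\]|\\.)*\])+)"
    r"(?: (?P<msg>.*))?$",
    re.DOTALL,
)
NILLABLE = ("timestamp", "hostname", "app_name", "procid", "msgid", "structured_data")

def parse_header(line):
    """Split one framed syslog line into header fields and CSV message fields."""
    m = HEADER_RE.match(line)
    if m is None:
        raise ValueError("line does not match the RFC 5424 header layout")
    rec = m.groupdict()
    pri = int(rec["pri"])
    if pri > 191:
        raise ValueError("PRI out of range (0-191)")
    rec["facility"], rec["severity"] = divmod(pri, 8)  # PRI = facility * 8 + severity
    for key in NILLABLE:  # "-" is the NILVALUE: field not supplied by the sender
        if rec[key] == "-":
            rec[key] = None
    if rec["frame_len"] is None:
        rec["frame_len_ok"] = None
    else:
        rec["frame_len"] = int(rec["frame_len"])
        syslog_msg = line[m.start("pri") - 1:]  # everything from "<" onward
        rec["frame_len_ok"] = len(syslog_msg.encode("utf-8")) == rec["frame_len"]
    rec["msg_fields"] = next(csv.reader([rec["msg"]])) if rec["msg"] else []
    return rec

# Header exactly as posted above (masked by the poster; CSV body not shown).
POSTED = ("889 <14>1 2022-09-29T13:57:16.953Z "
          "stream-logfwd20-xxxxxxxx--xxxxxxxx-xxxx-abcxyz-1x2x logforwarder - panwlogs -")
# Constructed line with a made-up CSV body, framed with its real byte count.
_body = '<14>1 2024-01-01T00:00:00Z host.example logforwarder - panwlogs - 1,TRAFFIC,"a,b"'
CONSTRUCTED = f"{len(_body.encode('utf-8'))} {_body}"

if __name__ == "__main__":
    for sample in (POSTED, CONSTRUCTED):
        print(parse_header(sample))
```

Under this reading, `logforwarder` lands in APP-NAME and `panwlogs` in MSGID; `frame_len_ok` is false for the posted header only because its CSV body was cut from the post, and a false value on live traffic points to truncated or mis-framed messages at the receiver.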