I've configured my 5050's to be Syslog Listeners for a couple sources so that I can parse User-ID information out of them. I did so following this document here. I can see via the command show user server-monitor state XXX that I am receiving log messages, but so far none of the are registering "success messages". I'm having a hell of a time getting a packet capture to show the inbound Syslog messages so I can inspect that I am getting what I expect. Both pcap from the gui and tcpdump from the CLI isn't showing anything. Is there a way to just simply tail the underlying syslog file on the local 5050 to see what it is receiving?
... View more
I'm kind of new to PaloAlto firewalls and I am looking for guidance on how to help with a little situation. As part of our migration, we had to create a bunch of security-zones that parallel what is on the system already. It was a cludgy, but functional work around. OK, so what I have now is zones like this: Corporate xxxxCorporate where "xxxx" is a litterally that string prefixed onto the OLD zones. So now I have my Panorama instance and a couple hundred policies that have to and from zones that I need to shift to the new correct zone. Aside from clicking though each policy and adjusting the settings, is there a way to edit them in bulk? On my Juniper SRX's I would just use the "replace pattern xxxxCorp with Corp" globally through the config. Can I do something like that in Panorama? Thanks!
... View more