11-13-2023 07:35 PM - edited 11-13-2023 07:36 PM
Hi all,
May I know if anyone has experience setting up a VM Series FW to ingest syslog into Azure Log Analytics? Is the only way to set up a new intermediate syslog server with Azure AMA installed, so that the VM Series sends syslog to the new syslog server and AMA ingests the logs into Log Analytics?
Thanks for the help 🙂
Thank you,
Meng Kiat
11-14-2023 06:26 AM
Hi @Meng_Kiat_DOS-GCC ,
Basically yes. However, if you plan to use Microsoft Sentinel to ingest those logs, you will need to configure the PAN firewall to use CEF; otherwise the AMA will ignore the syslog messages from the firewall and will not forward them to the workspace.
At the following link you can find a reference guide on how to set up a custom syslog format for CEF - https://docs.paloaltonetworks.com/resources/cef
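An added example, not part of the original posts and not Palo Alto Networks or Microsoft code: a Python check that can be run over messages captured on the intermediate syslog server to confirm the firewall is emitting a complete CEF header before relying on the AMA to forward them. The sample log lines, host name and version values are constructed.

```python
import re

# CEF header layout:
# CEF:<ver>|vendor|product|device version|event class id|name|severity|extension
CEF_START = re.compile(r"CEF:(\d+)\|")
# One header field: escaped characters or anything except "|" and "\", then "|".
FIELD = re.compile(r"((?:\\.|[^|\\])*)\|")
HEADER_KEYS = ("vendor", "product", "device_version",
               "event_class_id", "name", "severity")

def parse_cef(line):
    """Return the CEF header fields of a syslog line, or None if it is not CEF."""
    start = CEF_START.search(line)
    if not start:
        return None
    pos, values = start.end(), []
    for _ in HEADER_KEYS:
        m = FIELD.match(line, pos)
        if not m:
            return None  # truncated header: a pipe-delimited field is missing
        # CEF escapes "|" and "\" inside header fields with a backslash.
        values.append(re.sub(r"\\([|\\])", r"\1", m.group(1)))
        pos = m.end()
    header = dict(zip(HEADER_KEYS, values))
    header["cef_version"] = int(start.group(1))
    header["extension"] = line[pos:].strip()
    return header

def audit(lines):
    """Split captured lines into (parsed CEF headers, lines that are not valid CEF)."""
    ok, bad = [], []
    for line in lines:
        hdr = parse_cef(line)
        (ok if hdr else bad).append(hdr or line)
    return ok, bad

# Constructed sample messages (not real firewall output).
SAMPLES = [
    "<14>Nov 14 06:26:01 fw01 CEF:0|Palo Alto Networks|PAN-OS|10.2.0|end|TRAFFIC|1|src=10.0.0.5 dst=192.0.2.10 act=allow",
    "<14>Nov 14 06:26:02 fw01 1,2023/11/14 06:26:02,TRAFFIC,end,10.0.0.5,192.0.2.10,allow",  # comma-separated, no CEF header
    "<14>Nov 14 06:26:03 fw01 CEF:0|Palo Alto Networks|PAN-OS|10.2.0|end",  # truncated header
    r"<14>Nov 14 06:26:04 fw01 CEF:0|Palo Alto Networks|PAN-OS|10.2.0|url|THREAT a\|b|4|src=10.0.0.6",  # escaped pipe
]

if __name__ == "__main__":
    ok, bad = audit(SAMPLES)
    print(f"{len(ok)} CEF messages, {len(bad)} not CEF")
    for line in bad:
        print("not CEF:", line)
```
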
11-14-2023 10:10 PM
Hi Aleksandar,
Thanks for the information. Noted, and I will try it out.
Thank you !!