This doc will walk through how to filter log fields directly from the Strata Logging Service to limit the amount of data being sent out Log Forwarding Profiles via Syslog, HTTPS or Email.
First log into your hub instance at apps.paloaltonetworks.com and click on the tile for Strata Logging Service.
Next click on Log Forwarding to setup your Log forwarding Profiles and any formats or filters.
Once you have setup the Forwarding Profiles, click on test to validate connectivity and then the 'Next" button.
Now you will add which log types you want to send out from Strata Logging Service.
If you want to send all log types, then create a filter with each log type by pulling down the drop down and saving with the default fields for each.
If you also want to filter which fields are sent via those log types, then you will need to click on the hamburger Icon in a field type, then chose the vertical hamburger.
In this drop down you can choose which fields you want to forward based on what fields you use. It will also filter the view as you add or remove fields.
Next Save the changes and the Strata Logging Services will make the changes to start forwarding only these fields.
@nayubi wrote:
This doc will walk through how to filter log fields directly from the Strata Logging Service to limit the amount of data being sent out Log Forwarding Profiles via Syslog, HTTPS or Email.
First log into your hub instance at apps.paloaltonetworks.com and click on the tile for Strata Logging Service.
Next click on Log Forwarding to setup your Log forwarding Profiles and any formats or filters.
Once you have setup the Forwarding Profiles, click on test to validate connectivity and then the 'Next" button.
Now you will add which log types you want to send out from Strata Logging Service.
If you want to send all log types, then create a filter with each log type by pulling down the drop down and saving with the default fields for each.
If you also want to filter which fields are sent via those log types, then you will need to click on the hamburger Icon in a field type, then chose the vertical hamburger.
In this drop down you can choose which fields you want to forward based on what fields you use. It will also filter the view as you add or remove fields.
Next Save the changes and the Strata Logging Services will make the changes to start forwarding only these fields.
Thank you @nayubi for putting this together.
