We’re pleased to announce the Palo Alto Networks Content Pack for vRealize Log Insight is now available here.

Our friends at Palo Alto Networks and VMware have partnered to provide a unique solution for troubleshooting Palo Alto Networks' (PAN) next-generation firewalls in dynamic VMware virtual environments. The PAN-OS Content Pack for VMware Log Insight helps Log Insight administrators get powerful insights and operational intelligence into their PAN-OS firewall deployments.

Palo Alto Networks Content Pack For Log Insight

Key Features of the Palo Alto Networks Content Pack

  • Extracted field definitions for PAN-OS standard syslog formats
  • Provides details on configuration changes performed in the security environment
  • Quickly and easily search logs to perform troubleshooting

Palo Alto Networks Content Pack Description

The Palo Alto Networks PAN-OS Content Pack provides extracted field definitions for the following three types of standard log formats:

  • SYSTEM
  • CONFIG
  • THREAT

There are a total of 57 fields defined across these three types.

Dashboards with predefined widgets are also provided for system, configuration and threat events, in addition to several predefined queries and alerts.

Log Field Definitions

Each standard field for each of the log types is defined, allowing you to easily perform queries using any of the fields. Field names are in the format:

  • pan_{log,system,config,threat}_fieldname
  • pan_log_fieldname is used for the fixed location fields that are common to all the log types, and includes: receive_time, serial, type, subtype and time_generated.
  • pan_{system,config,threat}_fieldname is used for a field specific to the SYSTEM, CONFIG and THREAT logs.
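
The naming scheme above, as an added example that is not part of the content pack or the original post: it maps the fixed-location columns of a PAN-OS syslog line to their pan_log_ names and derives the type-specific prefix. It assumes the default PAN-OS CSV syslog layout, in which columns 1, 2, 3, 4 and 6 (0-based) carry receive_time, serial, type, subtype and time_generated; the function names and sample lines are constructed for illustration.

```python
import csv

# Assumed 0-based positions of the fixed-location fields in the default
# PAN-OS CSV syslog layout; columns 0 and 5 are not used here.
COMMON_COLUMNS = {1: "receive_time", 2: "serial", 3: "type",
                  4: "subtype", 6: "time_generated"}
SUPPORTED_TYPES = {"SYSTEM", "CONFIG", "THREAT"}


def extract_common_fields(line):
    """Return the pan_log_* fields for one syslog line, or None if the
    line is not one of the three log types the content pack covers."""
    # csv handles quoted values that contain commas (e.g. descriptions).
    columns = next(csv.reader([line.strip()]), [])
    if len(columns) <= max(COMMON_COLUMNS):
        return None
    fields = {f"pan_log_{name}": columns[i]
              for i, name in COMMON_COLUMNS.items()}
    if fields["pan_log_type"] not in SUPPORTED_TYPES:
        return None  # e.g. TRAFFIC, or a custom format that moved columns
    return fields


def type_specific_prefix(fields):
    """Prefix used for fields that exist only in this log type."""
    return f"pan_{fields['pan_log_type'].lower()}_"


# Constructed sample lines (not real firewall output).
SAMPLE_LINES = [
    '1,2015/03/10 12:00:01,001234567890,CONFIG,0,0,2015/03/10 12:00:01,'
    '10.0.0.5,,commit,admin,Web,Succeeded,,42,0x0',
    '1,2015/03/10 12:00:07,001234567890,SYSTEM,general,0,2015/03/10 12:00:07,'
    ',general,,0,0,general,informational,"Config installed, job 17",43,0x0',
    '1,2015/03/10 12:00:09,001234567890,TRAFFIC,end,0,2015/03/10 12:00:09',
    'not a PAN-OS line',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        fields = extract_common_fields(line)
        if fields is None:
            print("skipped:", line[:40])
        else:
            print(type_specific_prefix(fields), fields)
```

Lines that return None are worth counting rather than discarding silently: a firewall using a custom log format will not line up with the fixed positions, and its events would otherwise go missing from queries on the pan_log_ fields.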

Descriptions for each field can be found in the “Syslog Field Descriptions” section in the PAN-OS Administrator’s Guide: https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/reports-and-logging/syslog-field-descriptions.html

This is some of the best documentation you will see for network log messages in the industry, by the way.

How to Configure PAN-OS to Forward Logs to Log Insight?

You will need to configure each firewall to forward its logs to Log Insight for analysis or, alternatively, forward the logs to Panorama and from there to Log Insight.

To configure log forwarding to external hosts refer to the “Forward Logs to External Services” section in the PAN-OS Administrator’s Guide: https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/reports-and-logging/forward-logs-to-external-services.html

For more information, check out paloaltonetworks.com.

Want to know more about Log Insight? Try a Hands-On Lab!

Log Insight Hands-On Lab for Palo Alto Networks Content Pack