IBM QRadar


Palo Alto Firewall - Custom Log forwarding (LEEF format) for PAN OS 10.x

  • 1.  Palo Alto Firewall - Custom Log forwarding (LEEF format) for PAN OS 10.x

    Posted Tue January 11, 2022 10:08 AM

    I am trying to configure the Custom Log Format (LEEF) for a Palo Alto Firewall. PAN-OS is running 10.X (firmware version), but the official QRadar documentation https://www.ibm.com/docs/en/dsm?topic=panps-creating-syslog-destination-your-palo-alto-pa-series-device specifies the Log Event Extended Format (LEEF) only up to version 9.1.

    Will the same config also work for 10.0.4?

    How shall I proceed with configuring the Custom Log Format on the PA?



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: Palo Alto Firewall - Custom Log forwarding (LEEF format) for PAN OS 10.x

    Posted Tue January 11, 2022 04:08 PM

    Hi,

    I can confirm that the forwarded logs of Palo Release 10.0.4 are also normalized with this configuration in QRadar.

    Hope this helps.

    Regards,

    Ralph



    #QRadar
    #Support
    #SupportMigration