[ https://issues.apache.org/jira/browse/METRON-1740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16588116#comment-16588116 ]
Yi Liu commented on METRON-1740:
--------------------------------

The syslog field descriptions.

v80 - https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/monitoring/use-syslog-for-monitoring/syslog-field-descriptions
v70, 71 - https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/monitoring/syslog-field-descriptions
v6.1 - https://community.softwaregrp.com/t5/ArcSight-User-Discussions/PAN-OS-Log-Message-Field-Descriptions/td-p/1598587

> Improve Palo Alto parser to handle CONFIG and SYSTEM syslog messages
> --------------------------------------------------------------------
>
> Key: METRON-1740
> URL: https://issues.apache.org/jira/browse/METRON-1740
> Project: Metron
> Issue Type: Improvement
> Reporter: Yi Liu
> Priority: Major
>
> As a Metron user (security analyst)
> I would like Metron's Palo Alto parser to be able to parse CONFIG and SYSTEM
> PanOS syslog messages
> so that I can know what, when and how the system configuration has been changed
> and how the system has been running.
>
> The current PaloAlto parser (BasicPaloAltoFirewallParser) only supports
> THREAT and TRAFFIC log messages. The task is to extend it to support CONFIG
> and SYSTEM log messages. The supported PanOS versions are 6.1, 7.0 and 8.0.
> A sample CONFIG log (PanOS 7.0):
> {code:java}
> 1,2017/08/11 11:23:36,999900009999,CONFIG,0,0,2017/08/11 11:23:36,192.168.14.162,,edit,admin,Web,Succeeded, vsys vsys4 ruleXXXX XXXXX rules dev-to-dev-ext-http-https,1336,0x0,0,0,0,0,,dev-something200-01
> {code}

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
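The dispatch-by-Type parsing the issue asks for, as an added illustration in Python rather than the Metron project's own Java parser code: the field names are assumed from the PAN-OS 7.1/8.0 CONFIG and SYSTEM field descriptions linked above (verify the per-version layout against those documents), the syslog header is assumed to be stripped already, and the CONFIG line is the sample from the issue.

```python
import csv

# Field layouts for the PAN-OS CSV body after the syslog header is removed.
# Assumption: names and order follow the PAN-OS 7.1/8.0 field descriptions;
# 8.0 CONFIG additionally carries Before/After Change Detail, so a real
# parser needs one layout per supported version.
CONFIG_FIELDS = [
    "future_use1", "receive_time", "serial_number", "type", "subtype",
    "future_use2", "generated_time", "host", "virtual_system", "command",
    "admin", "client", "result", "configuration_path", "sequence_number",
    "action_flags", "dg_hierarchy_level_1", "dg_hierarchy_level_2",
    "dg_hierarchy_level_3", "dg_hierarchy_level_4", "virtual_system_name",
    "device_name",
]
SYSTEM_FIELDS = [
    "future_use1", "receive_time", "serial_number", "type", "subtype",
    "future_use2", "generated_time", "virtual_system", "event_id", "object",
    "future_use3", "future_use4", "module", "severity", "description",
    "sequence_number", "action_flags", "dg_hierarchy_level_1",
    "dg_hierarchy_level_2", "dg_hierarchy_level_3", "dg_hierarchy_level_4",
    "virtual_system_name", "device_name",
]
LAYOUTS = {"CONFIG": CONFIG_FIELDS, "SYSTEM": SYSTEM_FIELDS}


def parse_pan_log(line):
    """Map one PAN-OS CSV log body to a dict keyed by field name.

    Dispatches on the Type column (4th field), which every PAN-OS log type
    shares, and refuses a field count that does not match the layout so a
    version mismatch fails loudly instead of silently shifting columns.
    """
    # csv.reader honours the double quotes PAN-OS puts around a value
    # (e.g. a SYSTEM description) that itself contains a comma.
    values = next(csv.reader([line]))
    if len(values) < 4:
        raise ValueError("too few fields for a PAN-OS log")
    log_type = values[3]
    fields = LAYOUTS.get(log_type)
    if fields is None:
        raise ValueError("unsupported PAN-OS log type: %s" % log_type)
    if len(values) != len(fields):
        raise ValueError("%s log has %d fields, expected %d"
                         % (log_type, len(values), len(fields)))
    return dict(zip(fields, (v.strip() for v in values)))


# CONFIG sample taken from the issue (syslog header already stripped).
CONFIG_SAMPLE = (
    "1,2017/08/11 11:23:36,999900009999,CONFIG,0,0,2017/08/11 11:23:36,"
    "192.168.14.162,,edit,admin,Web,Succeeded, vsys vsys4 ruleXXXX XXXXX "
    "rules dev-to-dev-ext-http-https,1336,0x0,0,0,0,0,,dev-something200-01"
)
```

For a change-monitoring use case the fields worth alerting on are admin, client, command, result and configuration_path, which together answer the "who changed what, how, and did it succeed" question from the issue.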