[ 
https://issues.apache.org/jira/browse/METRON-1740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16591019#comment-16591019
 ] 

ASF GitHub Bot commented on METRON-1740:
----------------------------------------

Github user liuy-tnz commented on the issue:

    https://github.com/apache/metron/pull/1171
  
    @JonZeolla Thank you first. Let me try to list the testing steps, as I 
haven't done it before. 
    
    Reproduction steps
    1. Set up the PanOS firewall (v6.1, v7.0 or v8.0)
    2. Set up Metron WITHOUT my changes
    3. Copy log messages generated by the firewall to the landing Kafka topic 
producer
    4. Verify the output JSON string in the parser Kafka topic consumer. 
    
    Expected result: all message types (CONFIG, SYSTEM, THREAT and TRAFFIC) 
shall be parsed successfully.
    Actual result: An exception is generated when parsing CONFIG and SYSTEM 
messages. 
    Reason: CONFIG and SYSTEM messages are not supported.
    
    Please contact me if you need any help. 
    Thanks
    
    
    



> Improve Palo Alto parser to handle CONFIG and SYSTEM syslog messages
> --------------------------------------------------------------------
>
>                 Key: METRON-1740
>                 URL: https://issues.apache.org/jira/browse/METRON-1740
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Yi Liu
>            Priority: Major
>
> As a Metron user (security analyst)
> I would like Metron's Palo Alto parser to be able to parse CONFIG and SYSTEM 
> PanOS syslog messages
> so that I can know what, when and how the system configuration has been changed 
> and how the system has been running. 
>  
> The current PaloAlto parser (BasicPaloAltoFirewallParser) only supports 
> THREAT and TRAFFIC log messages. The task is to extend it to support CONFIG 
> and SYSTEM log messages. The supported PanOS versions are 6.1, 7.0 and 8.0.
> A sample CONFIG log (PanOS 7.0):
> {code}
> 1,2017/08/11 11:23:36,999900009999,CONFIG,0,0,2017/08/11 11:23:36,192.168.14.162,,edit,admin,Web,Succeeded, vsys  vsys4 ruleXXXX XXXXX rules  dev-to-dev-ext-http-https,1336,0x0,0,0,0,0,,dev-something200-01
> {code}



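The following is an added example, not Metron's BasicPaloAltoFirewallParser and not code from the pull request: a stand-alone Python parser for the two log types the issue asks for, CONFIG and SYSTEM, selecting the field layout by log type and field count so that the PanOS 6.1, 7.0 and 8.0 variants are told apart. The field names and per-version field counts are assumptions taken from my reading of the PAN-OS syslog field descriptions, not from the page; the CONFIG sample line is the one quoted in the issue, while the SYSTEM sample, the syslog header prefix and the truncated TRAFFIC line are constructed for the example. Other log types raise ValueError instead of being mis-assigned, which mirrors the "Actual result" above for the unextended parser.

```python
# Added example (not Metron's own parser): PAN-OS CONFIG/SYSTEM syslog parsing.
# Field orders below are assumptions from the PAN-OS 6.1/7.0/8.0 syslog field
# descriptions; the SYSTEM sample line is constructed.
import csv
import io
import re
from datetime import datetime

# Optional RFC 3164-style header ("<14>Aug 11 11:23:36 fw01 ") that a syslog
# relay may prepend to the comma-separated PAN-OS body (assumed format).
SYSLOG_HEADER = re.compile(
    r"^(?:<\d{1,3}>)?(?:[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} \S+ )?"
)

# First seven fields are shared by every PAN-OS log type.
_COMMON = ["future_use_1", "receive_time", "serial_number", "type",
           "subtype", "future_use_2", "generated_time"]
_TRAILER = ["dg_hier_level_1", "dg_hier_level_2", "dg_hier_level_3",
            "dg_hier_level_4", "virtual_system_name", "device_name"]

# CONFIG: 16 fields in 6.1, 22 in 7.0 (device-group trailer added),
# 24 in 8.0 (before/after change detail inserted after action_flags).
_CONFIG_61 = _COMMON + ["host", "virtual_system", "command", "admin", "client",
                        "result", "configuration_path", "sequence_number",
                        "action_flags"]
_CONFIG_70 = _CONFIG_61 + _TRAILER
_CONFIG_80 = _CONFIG_61 + ["before_change_detail", "after_change_detail"] + _TRAILER

# SYSTEM: 17 fields in 6.1, 23 in 7.0/8.0.
_SYSTEM_61 = _COMMON + ["virtual_system", "event_id", "object", "future_use_3",
                        "future_use_4", "module", "severity", "description",
                        "sequence_number", "action_flags"]
_SYSTEM_70 = _SYSTEM_61 + _TRAILER

# Layout is chosen by (type, field count). TRAFFIC/THREAT are left out on
# purpose so the example stays focused on the two new types.
LAYOUTS = {
    "CONFIG": {16: _CONFIG_61, 22: _CONFIG_70, 24: _CONFIG_80},
    "SYSTEM": {17: _SYSTEM_61, 23: _SYSTEM_70},
}


def parse_panos_log(line: str) -> dict:
    """Parse one CONFIG or SYSTEM line into a dict keyed by field name.

    Raises ValueError for other log types or an unexpected field count rather
    than silently shifting values into the wrong fields.
    """
    body = SYSLOG_HEADER.sub("", line.strip(), count=1)
    # PAN-OS double-quotes fields that contain commas (SYSTEM descriptions,
    # change details), so use a real CSV reader, not a naive split(",").
    fields = next(csv.reader(io.StringIO(body)))
    if len(fields) < len(_COMMON):
        raise ValueError(f"too few fields ({len(fields)}) for a PAN-OS log")
    log_type = fields[3]
    layouts = LAYOUTS.get(log_type)
    if layouts is None:
        raise ValueError(f"unsupported PAN-OS log type: {log_type!r}")
    names = layouts.get(len(fields))
    if names is None:
        raise ValueError(f"{log_type} line has {len(fields)} fields; "
                         f"expected one of {sorted(layouts)}")
    record = dict(zip(names, fields))
    # Normalise the two PAN-OS timestamps ("2017/08/11 11:23:36") to ISO 8601.
    for key in ("receive_time", "generated_time"):
        record[key] = datetime.strptime(record[key], "%Y/%m/%d %H:%M:%S").isoformat()
    # The configuration path separates nodes with runs of spaces; keep the raw
    # value and add a tokenised form that is easier to search and alert on.
    if "configuration_path" in record:
        record["configuration_path_tokens"] = record["configuration_path"].split()
    return record


def parse_many(lines):
    """Parse a batch (as consumed from a Kafka topic); returns (records, errors)."""
    records, errors = [], []
    for line in lines:
        try:
            records.append(parse_panos_log(line))
        except ValueError as exc:
            errors.append((line, str(exc)))
    return records, errors


# CONFIG line: the PAN-OS 7.0 sample from the issue. SYSTEM line: constructed
# in the 7.0 layout, with a relay header and a quoted, comma-bearing description.
SAMPLE_CONFIG = (
    "1,2017/08/11 11:23:36,999900009999,CONFIG,0,0,2017/08/11 11:23:36,"
    "192.168.14.162,,edit,admin,Web,Succeeded, vsys  vsys4 ruleXXXX XXXXX "
    "rules  dev-to-dev-ext-http-https,1336,0x0,0,0,0,0,,dev-something200-01"
)
SAMPLE_SYSTEM = (
    "<14>Aug 11 11:25:02 fw01 1,2017/08/11 11:25:02,999900009999,SYSTEM,general,"
    "0,2017/08/11 11:25:02,,general,,0,0,general,informational,"
    "\"User admin logged in via Web from 192.168.14.162, using https\","
    "1337,0x0,0,0,0,0,,dev-something200-01"
)
# Constructed, truncated TRAFFIC line: rejected because the type is unsupported.
SAMPLE_TRAFFIC = "1,2017/08/11 11:26:00,999900009999,TRAFFIC,end,0,2017/08/11 11:26:00"

if __name__ == "__main__":
    records, errors = parse_many([SAMPLE_CONFIG, SAMPLE_SYSTEM, SAMPLE_TRAFFIC])
    for rec in records:
        print(rec["type"], rec["generated_time"], rec.get("command") or rec.get("description"))
    for _, why in errors:
        print("rejected:", why)
```

Selecting the layout by field count is what keeps a 6.1 line from being read with 7.0 names; if a site emits a custom log-forwarding format, the count check is the first thing to revisit.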
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)