[ https://issues.apache.org/jira/browse/METRON-1740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16592081#comment-16592081 ]
ASF GitHub Bot commented on METRON-1740:
----------------------------------------

Github user nickwallen commented on the issue:

    https://github.com/apache/metron/pull/1171

    @liuy-tnz Are there any other details that might be useful to throw in a README to help users of the parser? For example, you mention PAN-OS "v6.1, v7.0 or v8.0". Would it be helpful to document this?

    I offer this only as a suggestion, not a blocker for this PR. I want to get a bug in your ear in case you are interested in committing some of your knowledge to a README. Maybe a future contribution? Either way, many thanks for your effort here.

> Improve Palo Alto parser to handle CONFIG and SYSTEM syslog messages
> --------------------------------------------------------------------
>
>                 Key: METRON-1740
>                 URL: https://issues.apache.org/jira/browse/METRON-1740
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Yi Liu
>            Priority: Major
>
> As a Metron user (security analyst)
> I would like Metron's Palo Alto parser to be able to parse CONFIG and SYSTEM
> PanOS syslog messages
> so that I can know what, when and how the system configuration has been changed
> and how the system has been running.
>
> The current PaloAlto parser (BasicPaloAltoFirewallParser) only supports
> THREAT and TRAFFIC log messages. The task is to extend it to support CONFIG
> and SYSTEM log messages. The supported PanOS versions are 6.1, 7.0 and 8.0.
> The sample of CONFIG log (PanOS 7.0):
> {code}
> 1,2017/08/11 11:23:36,999900009999,CONFIG,0,0,2017/08/11 11:23:36,192.168.14.162,,edit,admin,Web,Succeeded, vsys vsys4 ruleXXXX XXXXX rules dev-to-dev-ext-http-https,1336,0x0,0,0,0,0,,dev-something200-01
> {code}

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
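As an added illustration of what the issue asks for (not Metron's own Java parser), the CONFIG sample quoted above, re-joined onto one line, is split into named fields so an analyst can see who changed what, when and how; the field names are assumed from the PAN-OS 7.0 CONFIG syslog layout, which the issue itself does not spell out.

```python
import csv
from datetime import datetime
from io import StringIO

# Assumed field order for a PAN-OS 7.0 CONFIG record (22 CSV fields); the issue
# gives only the sample line, not the schema, so treat these names as an assumption.
CONFIG_FIELDS_V7 = [
    "future_use_1", "receive_time", "serial_number", "type", "subtype",
    "future_use_2", "generated_time", "host", "vsys", "command", "admin",
    "client", "result", "config_path", "sequence_number", "action_flags",
    "dg_hier_level_1", "dg_hier_level_2", "dg_hier_level_3", "dg_hier_level_4",
    "vsys_name", "device_name",
]

# The CONFIG sample from the issue, re-joined onto one line (syslog emits it unwrapped).
SAMPLE_CONFIG_LINE = (
    "1,2017/08/11 11:23:36,999900009999,CONFIG,0,0,2017/08/11 11:23:36,"
    "192.168.14.162,,edit,admin,Web,Succeeded, vsys vsys4 ruleXXXX XXXXX "
    "rules dev-to-dev-ext-http-https,1336,0x0,0,0,0,0,,dev-something200-01"
)


def parse_config_log(line: str) -> dict:
    """Split one PAN-OS CONFIG syslog record into a dict keyed by CONFIG_FIELDS_V7."""
    # PAN-OS log lines are CSV; a csv reader copes with quoted fields that contain commas.
    fields = next(csv.reader(StringIO(line)))
    if len(fields) < 4 or fields[3] != "CONFIG":
        raise ValueError("not a CONFIG record (field 4 is the log type)")
    if len(fields) != len(CONFIG_FIELDS_V7):
        raise ValueError(f"expected {len(CONFIG_FIELDS_V7)} fields, got {len(fields)}")
    rec = dict(zip(CONFIG_FIELDS_V7, fields))
    rec["config_path"] = rec["config_path"].strip()  # the firewall emits a leading space here
    for key in ("receive_time", "generated_time"):
        rec[key] = datetime.strptime(rec[key], "%Y/%m/%d %H:%M:%S").isoformat()
    rec["sequence_number"] = int(rec["sequence_number"])
    rec["action_flags"] = int(rec["action_flags"], 16)  # hex bitmask, e.g. 0x0
    return rec


def describe_change(rec: dict) -> str:
    """Answer the issue's 'what, when and how' question for one parsed CONFIG record."""
    return (f"{rec['generated_time']} {rec['device_name']}: {rec['admin']} via "
            f"{rec['client']} {rec['command']} '{rec['config_path']}' -> {rec['result']}")
```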