[ https://issues.apache.org/jira/browse/METRON-1740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16593863#comment-16593863 ]
ASF GitHub Bot commented on METRON-1740:
----------------------------------------

Github user JonZeolla commented on the issue:

    https://github.com/apache/metron/pull/1171

    Sorry, I cannot @liuy-tnz

> Improve Palo Alto parser to handle CONFIG and SYSTEM syslog messages
> --------------------------------------------------------------------
>
>                 Key: METRON-1740
>                 URL: https://issues.apache.org/jira/browse/METRON-1740
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Yi Liu
>            Priority: Major
>
> As a Metron user (security analyst),
> I would like Metron's Palo Alto parser to be able to parse CONFIG and SYSTEM PanOS syslog messages,
> so that I can know what, when and how the system configuration has been changed and how the system has been running.
>
> The current PaloAlto parser (BasicPaloAltoFirewallParser) only supports THREAT and TRAFFIC log messages. The task is to extend it to support CONFIG and SYSTEM log messages. The supported PanOS versions are 6.1, 7.0 and 8.0.
>
> The sample of CONFIG log (PanOS 7.0):
> {code:java}
> 1,2017/08/11 11:23:36,999900009999,CONFIG,0,0,2017/08/11 11:23:36,192.168.14.162,,edit,admin,Web,Succeeded, vsys vsys4 ruleXXXX XXXXX rules dev-to-dev-ext-http-https,1336,0x0,0,0,0,0,,dev-something200-01
> {code}

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
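The CONFIG record quoted in the ticket, parsed into named fields and the epoch-millisecond timestamp a Metron parser emits, as an added Python example that is not part of Metron or of the pull request. It assumes the 22-field CONFIG layout the sample shows (the field names are my recollection of the vendor's documented order and are an assumption, not Metron's schema), that the firewall's timestamps are UTC, and the function names parse_config_log and config_change_summary.

```python
import csv
from datetime import datetime, timezone
from io import StringIO

# Assumed field order for a 22-field PAN-OS CONFIG syslog record (vendor order
# as I recall it; an assumption, not Metron's schema).
CONFIG_FIELDS = [
    "future_use_1", "receive_time", "serial_number", "type", "subtype",
    "future_use_2", "generated_time", "host", "virtual_system", "command",
    "admin", "client", "result", "configuration_path", "sequence_number",
    "action_flags", "dg_hierarchy_level_1", "dg_hierarchy_level_2",
    "dg_hierarchy_level_3", "dg_hierarchy_level_4", "virtual_system_name",
    "device_name",
]

# Constructed sample: the CONFIG record from the ticket, joined onto one line.
SAMPLE_CONFIG_LINE = (
    "1,2017/08/11 11:23:36,999900009999,CONFIG,0,0,2017/08/11 11:23:36,"
    "192.168.14.162,,edit,admin,Web,Succeeded, vsys vsys4 ruleXXXX XXXXX rules "
    "dev-to-dev-ext-http-https,1336,0x0,0,0,0,0,,dev-something200-01"
)


def parse_config_log(line: str) -> dict:
    """Parse one PAN-OS CONFIG record into a dict keyed by CONFIG_FIELDS."""
    # csv.reader honours the double-quoting the firewall applies to fields
    # that themselves contain commas, which a plain split(",") would break.
    values = next(csv.reader(StringIO(line.strip())))
    if len(values) != len(CONFIG_FIELDS):
        raise ValueError(f"expected {len(CONFIG_FIELDS)} fields, got {len(values)}")
    record = {name: value.strip() for name, value in zip(CONFIG_FIELDS, values)}
    if record["type"] != "CONFIG":
        raise ValueError(f"not a CONFIG record: type={record['type']!r}")
    # Metron parsers emit an epoch-millisecond "timestamp"; the record carries
    # no zone, so UTC is assumed here.
    generated = datetime.strptime(record["generated_time"], "%Y/%m/%d %H:%M:%S")
    record["timestamp"] = int(generated.replace(tzinfo=timezone.utc).timestamp() * 1000)
    return record


def config_change_summary(record: dict) -> str:
    """The who/what/where view an analyst wants from a CONFIG event."""
    outcome = "ok" if record["result"] == "Succeeded" else "FAILED"
    return (f"{record['device_name']}: {record['admin']} via {record['client']} "
            f"{record['command']} '{record['configuration_path']}' [{outcome}]")
```

A record whose field count does not match, or whose type is not CONFIG, is rejected rather than silently mapped, which is the behaviour you want before the SYSTEM and TRAFFIC layouts are added alongside it.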