
Sheriff CSM™

Palo Alto Networks PAN-OS

When you configure Palo Alto Networks PAN-OS to send log data to Sheriff CSM, you can use the Palo Alto Networks PAN-OS plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

Device              Details
Vendor              Palo Alto Networks
Device Type         Firewall
Connection Type     Syslog
Data Source Name    paloalto
Data Source ID      1615

Integrating Palo Alto Networks PAN-OS

Before configuring the Palo Alto Networks PAN-OS log collection, you must have the IP Address of the Sheriff CSM Sensor (Deputy).

To configure PAN-OS to send log data to Sheriff CSM
  1. Add a syslog server profile. See the PAN-OS Administrator's Guide on Configure Syslog Monitoring for instructions.

    • For Syslog Server, enter the IP address of the Sheriff CSM Sensor.
    • Select the transport protocol you want to use. Sheriff CSM supports UDP and TCP.
    • The port number depends on the transport protocol you choose. Use 514 for UDP or TCP.
  2. Configure syslog forwarding on PAN-OS. See the PAN-OS Administrator's Guide on Configure Log Forwarding for instructions.
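One way to confirm on the sensor side that what arrives on port 514 is PAN-OS log data, as an added example that is not part of the Sheriff CSM or Palo Alto Networks documentation. It assumes the firewall sends the default comma-separated PAN-OS log format behind a BSD syslog header; the sample datagrams, host name, serial number and function names are constructed for illustration.

```python
import csv
import re

# Constructed sample datagrams (not captured from a real device).
SAMPLES = [
    b"<14>Jun 24 10:15:02 fw01 1,2022/06/24 10:15:02,001234567890,TRAFFIC,end,"
    b"2049,2022/06/24 10:15:01,192.0.2.10,198.51.100.7,0.0.0.0,0.0.0.0,\"allow, web\"",
    b"<12>Jun 24 10:15:03 fw01 1,2022/06/24 10:15:03,001234567890,THREAT,url,"
    b"2049,2022/06/24 10:15:03,192.0.2.10,203.0.113.9",
    b"<30>Jun 24 10:15:04 host1 sshd[811]: Accepted publickey for admin",
]

# BSD syslog header: <PRI>Mmm dd hh:mm:ss host message
HEADER = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$", re.S)

def parse_panos_syslog(datagram: bytes):
    """Return a dict for a PAN-OS CSV log line, or None if it is not one."""
    text = datagram.decode("utf-8", errors="replace").strip()
    m = HEADER.match(text)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # PRI = facility * 8 + severity, so the maximum is 23 * 8 + 7
        return None
    fields = next(csv.reader([m.group(4)]))  # csv keeps quoted commas in one field
    # Assumed default layout: FUTURE_USE, receive time, serial, type, subtype, ...
    if len(fields) < 5 or not fields[2].isdigit() or not fields[3].isupper():
        return None
    return {"facility": pri // 8, "severity": pri % 8, "host": m.group(3),
            "receive_time": fields[1], "serial": fields[2],
            "type": fields[3], "subtype": fields[4], "field_count": len(fields)}

def summarize(datagrams):
    """Count log types seen and how many datagrams were not PAN-OS logs."""
    counts = {}
    for d in datagrams:
        rec = parse_panos_syslog(d)
        key = rec["type"] if rec else "UNPARSED"
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

A high UNPARSED count for traffic from the firewall's address suggests a custom log format or a different device sending to the same port.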

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Troubleshooting

For troubleshooting, refer to the vendor documentation:

https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/monitoring/configure-syslog-monitoring.html

http://blog.webernetz.net/2013/11/21/cli-commands-for-troubleshooting-palo-alto-firewalls/
Topic revision: r10 - 24 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.