Palo Alto Networks (syslog)

Configure Palo Alto Networks custom log formats for syslog log forwarding to Radiant Security.

Overview

In this guide, you will create custom log formats for Palo Alto’s syslog log configuration. This is required in order to send Palo Alto logs to Radiant Security without the use of an intermediary syslog relay server. These custom log formats will be provided by Radiant Security and are specific to your configuration.

To do this, you’ll need to complete the following configuration steps:

Prerequisites

  • Palo Alto: Administrator
  • Custom log formats provided by Radiant Security

Add the data connector in Radiant Security

First, you’ll add the Palo Alto Networks Firewall data connector in Radiant Security to create a certificate that you’ll use to create the syslog server in Palo Alto.

1.   Log in to Radiant Security.  
2.   From the navigation menu, click Settings > Data Connectors and click + Add Connector.
3.   Search for and select the Palo Alto Networks Firewall option and then click Data Feeds.
4.   Select the Palo Alto Firewall 9.1 data feed and then click Credentials.
5.   Under Credential Name, give the credential an identifiable name (e.g. PAN Credentials). If you already have a credential in place, select it from the drop-down menu. Click Credentials.

6.   In the Connector tag field, enter a random value. This value will act as the salt to randomize the unique Token you’ll download in the next step.

7.   Click Add Connector.

8.   Save the Token value or use the Download File option to save it as an SSL certificate or token file. This token will be used in the upcoming section Configure the syslog server.
9.   Click Done to save your changes.

Upload the certificate

1.   Log in to your Palo Alto firewall.
2.   On the top navigation bar, click Device.
3.   On the left navigation list, expand Certificate Management and click Certificates.
4.   At the bottom of the right pane, click Import.
5.  Under Import Certificate, fill in the following details:
  • Certificate Name: Radiant Security Syslog CA
  • Certificate File: Upload the certificate file that you created and saved in the previous section
  • File Format: Base64 Encoded Certificate (PEM)
6.   Click OK to save the CA certificate.
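
Because the connector offers the download as either a certificate or a token file, it is worth confirming on a workstation that the saved file really is a PEM certificate before importing it in step 5. The following is an added example, not part of Radiant Security's or Palo Alto's documentation; it assumes the `openssl` command-line tool is installed, and the function name and 30-day expiry threshold are choices made for this example.

```shell
#!/bin/sh
# Pre-import check for the certificate file saved from the data connector.
# Added example: function name, return codes and thresholds are illustrative.

# check_syslog_ca FILE [MIN_DAYS]
# Returns 0 if FILE is a PEM certificate that parses as X.509 and stays
# valid for at least MIN_DAYS (default 30); returns 2-5 on each failure.
check_syslog_ca() {
    file=$1
    min_days=${2:-30}

    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # The import dialog is set to "Base64 Encoded Certificate (PEM)", so the
    # file must contain a PEM certificate block, not a bare token string.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$file" ||
        { echo "$file has no PEM certificate block" >&2; return 3; }

    # Reject files that carry PEM markers but do not decode as X.509.
    openssl x509 -in "$file" -noout 2>/dev/null ||
        { echo "$file does not parse as X.509" >&2; return 4; }

    # -checkend takes seconds: fail if the certificate expires too soon.
    openssl x509 -in "$file" -noout \
        -checkend $((min_days * 86400)) >/dev/null ||
        { echo "$file expires within $min_days days" >&2; return 5; }

    # Details to record and compare with the Certificates page after import.
    openssl x509 -in "$file" -noout -subject -issuer -enddate \
        -fingerprint -sha256
}
```

Source the file and call `check_syslog_ca` with the path of the downloaded file; a non-zero return code means the file should not be imported as it is.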

 

Configure the syslog server


1.   On the left navigation list, expand Server Profiles and click Syslog.
2.   At the bottom of the right pane, click Add.
3.   Under Syslog Server Profile, fill in the following details:
  • Name: RadiantSecurity

Click Add to add a server with the following configuration:

4.   Then, click the Custom Log Format tab.
5.   In the Log Type column, for each Log Type, click the name and paste the corresponding log format for that log type into the Config Log Format text box. The log formats can be found in the Custom Log file that you created during the data connector setup.

6.   Click OK to save the configuration.

7.   Repeat steps 2-6 for all 14 Log Types.

8.   Once all 14 Log Types have been updated, click OK on the syslog configuration screen.

 

Configure log settings

1.   On the left navigation list, under Certificate Management, click Log Settings.

2.   In each box for System, Configuration, User-ID, HIP Match, GlobalProtect, and IP-Tag, complete the following:

a.   Click Add.
b.   Under Log Settings - System, fill in the following details:

    • Name: Radiant Security
    • Filter: All Logs
    • Under Syslog, click Add and select the Syslog Server Profile (RadiantSecurity) that you created in the previous section

c.  Click OK to save and repeat step 2 for each firewall log: System, Configuration, User-ID, HIP Match, GlobalProtect, and IP-Tag.

   

 


Configure syslog log forwarding

1.   On the top navigation bar, click Objects.
2.   On the left navigation list, under Security Profiles, click Log Forwarding.
3.   At the bottom of the right pane, click Add.
4.   Under Log Forwarding Profile, fill in the following details:
  • Name: Radiant Security Log Profile
5.   Then click Add to add a log forwarding profile match. In the Log Forwarding Profile Match List pane, for each Log Type fill in the following details:
  • Name: Use the same name as the Log Type
  • Panorama: Enable this option if you use Panorama for log forwarding
  • Under Syslog, click Add and select the syslog profile (RadiantSecurity) that you created in the previous section
  • Click OK to save the configuration
6.   Once all Log Types are added, click OK to save on the Log Forwarding Profile pane.
7.   Remember to commit the changes by clicking the Commit button in the upper-right corner.
8.   Once the Commit Status progress is completed, the configured syslog formats will be used to send logs to Radiant Security.



 

Last updated: 2024-08-28