Palo Alto Panorama (syslog)

Configure Palo Alto Panorama custom log formats for syslog log forwarding to Radiant Security.

Overview

In this guide, you will set up Panorama to forward Palo Alto Firewall events to Radiant Security through TLS Syslog.

To do this, you’ll need to complete the following configuration steps:

Prerequisites

  • Palo Alto Firewalls must be forwarding events to Panorama
  • Panorama: Administrator
  • Custom log formats provided by Radiant Security

Add the data connector in Radiant Security

1.   Log in to Radiant Security.  
2.   From the navigation menu, click Settings > Data Connectors and click + Add Connector.
3.   Search for and select the Palo Alto Networks Firewall option and then click Data Feeds.

4.   Select the Palo Alto 9.1 Firewall data feed and then click Credentials.
5.   Under Credential Name, give the credential an identifiable name (e.g. PAN Credentials). If you already have a credential in place, select it from the drop-down menu. Click Credentials.
6.   In the Connector tag field, enter a random value. This value will act as the salt to randomize the unique Token you’ll download in the next step.
7.   Click Add Connector.  
8.   Save the Token value or use the Download File option to save it as an SSL certificate or token file. This token will be used in the next section.
9.   Click Done to save your changes.


Upload the certificate to Panorama

1.   Log in to Panorama and navigate to Panorama > Certificate Management > Certificates.

2.   Click Import.


3.   Under Import Certificate, fill in the following details:
    • Certificate Name: Radiant Security Syslog CA
    • Certificate File: Upload the certificate file that you created and saved in the previous section
    • File Format: Base64 Encoded Certificate (PEM)
4.   Click OK to save the CA certificate.  
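
A pre-import check for the file saved in the previous section, as an added example (not from Radiant Security or Palo Alto Networks): it confirms the file holds PEM CERTIFICATE blocks and no private key, and returns a SHA-256 fingerprint you can record. The function name and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def inspect_pem(text):
    """Report whether `text` is suitable for a 'Base64 Encoded Certificate (PEM)' import."""
    report = {"fingerprints": [], "private_keys": 0, "problems": []}
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        report["problems"].append("no PEM block found (DER or plain token text?)")
    for label, body in blocks:
        if "PRIVATE KEY" in label:
            # A CA import needs only the public certificate.
            report["private_keys"] += 1
            report["problems"].append("file contains a private key block")
        elif label != "CERTIFICATE":
            report["problems"].append("unexpected PEM block: " + label)
        else:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:
                report["problems"].append("certificate body is not valid base64")
                continue
            if not der.startswith(b"\x30"):
                # Every X.509 certificate is a DER SEQUENCE (tag 0x30).
                report["problems"].append("decoded body is not a DER SEQUENCE")
                continue
            report["fingerprints"].append(hashlib.sha256(der).hexdigest())
    report["ok"] = bool(report["fingerprints"]) and not report["problems"]
    return report


# Constructed sample input: placeholder bytes with a DER SEQUENCE header,
# not a real certificate.
SAMPLE_DER = b"\x30\x82\x00\x04demo"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(inspect_pem(SAMPLE_PEM))
```

To check the real download, pass the contents of the saved file to inspect_pem and compare the fingerprint with the one shown for the imported certificate.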

Register the syslog server

1.   Navigate to Panorama > Server Profiles > Syslog and click Add.

2.   Under Syslog Server Profile, for Name enter Radiant Security and fill in the following details:


3.   Then, click the Custom Log Format tab.

4.   In the Log Type column, click the name of each Log Type and paste the corresponding log format for that log type. The log formats can be found in the Custom Log file that you created during the data connector setup.

5.   Click OK to save the configuration.

6.   Repeat steps 2-5 for all 14 Log Types.

7.   Once all 14 log types have been updated, click OK on the syslog configuration screen.



Configure Panorama log settings

  1. Navigate to Panorama > Log Settings.
  2. In each box for System, Configuration, User-ID, HIP Match, GlobalProtect, and IP-Tag complete the following:
    1. Click Add
    2. Under Log Settings, fill in the following details:
      • Name: Radiant Security
      • Filter: All Logs
      • Under Syslog, click Add and select the Syslog Server Profile (RadiantSecurity) that you created in the previous steps
    3. Click OK to save and repeat for each Log Type.
    4. Navigate to Objects > Log Forwarding.
    5. Click Add.
    6. Under Log Settings, fill in the following details:
      • Name: Radiant Security
      • Add a Match List
      • Under Match List, select the following Log Types: auth, data, threat, traffic, tunnel, URL, and WildFire
      • Under Syslog, click Add and select the Syslog Server Profile (RadiantSecurity) that you created in the previous section

Configure log collectors log settings

If your environment uses log collectors, follow these steps to configure them to forward syslog to Radiant Security.

  1. Navigate to Panorama > Collector Groups.
  2. Click Collector Log Forwarding.
  3. In each box for System, Configuration, User-ID, HIP Match, GlobalProtect, and IP-Tag complete the following:
    1. Click Add.
    2. Under Log Settings, fill in the following details:
      • Name: Radiant Security
      • Filter: All Logs
      • Under Syslog, click Add and select the Syslog Server Profile (RadiantSecurity) that you created in the previous steps
  4. Click OK to save and repeat step 3 for each log type: System, Configuration, User-ID, HIP Match, GlobalProtect, and IP-Tag.

Commit changes

  1. Lastly, commit the changes by clicking the Commit button in the upper-right corner.
  2. Once the Commit Status progress is completed, the configured syslog formats will be used to send logs to Radiant Security.

 


 

Last updated: 2024-08-28