Palo Alto Panorama Traffic logs
Collecting logs in a bucket
Palo Alto Panorama traffic logs are loaded from S3. You will need to forward your logs to a bucket before RunReveal can collect them.
With reveald
Here is what a reveald config might look like to tail your syslog files for Panorama logs and ship them to the bucket. The AWS credentials in the destination only need write access to that bucket; keep them out of version control.
{
  "sources": {
    "hostlogs": {
      "type": "file",
      "path": "/var/log/syslog/",
      "extension": ".log"
    }
  },
  "destinations": {
    "runreveal-store": {
      "type": "s3",
      "bucketName": "runreveal-bucket",
      "bucketRegion": "us-west-2",
      "accessKeyID": "ACCESSKEY",
      "secretAccessKey": "SECRET"
    }
  }
}
Setting up the source
You'll need to set up the rest of the source like a normal S3 source. This entails:
- Creating an event notification on the bucket, following the directions listed here, so that RunReveal is told when new log objects arrive
- Creating an IAM role, scoped to read objects from that bucket only, so that RunReveal can access the objects in the bucket
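The reveald snippet above and the IAM role step both leave room for mistakes a practitioner will want to catch before going live: trailing commas that a strict JSON parser rejects, long-lived access keys embedded in the config, and a collector role granted more than read access to one bucket. The following is an added example, not RunReveal's code or the reveald tool's own validation; it assumes only the config keys shown above (`sources`, `destinations`, `type: "s3"`, `bucketName`, `bucketRegion`, `accessKeyID`, `secretAccessKey`) and assumes the collector needs `s3:ListBucket` plus `s3:GetObject`, which is a typical minimum and not something the page states. The sample config and prefix are constructed for the example.

```python
"""Audit a reveald config for an S3 destination and emit a least-privilege
read policy for the collector role.

Added example, not part of RunReveal's or reveald's code. The config schema
used is only what the page's snippet shows; the required permissions
(s3:ListBucket, s3:GetObject) are an assumption.
"""
import json
import re

# Constructed config mirroring the page's snippet, including trailing commas.
SAMPLE_CONFIG = """{
  "sources": {
    "hostlogs": {"type": "file", "path": "/var/log/syslog/", "extension": ".log",},
  },
  "destinations": {
    "runreveal-store": {
      "type": "s3",
      "bucketName": "runreveal-bucket",
      "bucketRegion": "us-west-2",
      "accessKeyID": "ACCESSKEY",
      "secretAccessKey": "SECRET"
    },
  },
}"""

# Matches a comma followed only by whitespace and a closing brace/bracket.
# Good enough for config files; it would also touch a literal ",}" inside a
# string value, so do not use it on arbitrary JSON.
_TRAILING_COMMA = re.compile(r",(\s*[}\]])")
_AWS_REGION = re.compile(r"[a-z]{2}(-[a-z]+)+-\d")


def load_lenient(text):
    """Parse JSON, tolerating trailing commas before } or ]."""
    return json.loads(_TRAILING_COMMA.sub(r"\1", text))


def audit_config(text):
    """Return (destination name, finding) tuples for every s3 destination."""
    cfg = load_lenient(text)
    findings = []
    for name, dest in cfg.get("destinations", {}).items():
        if dest.get("type") != "s3":
            continue
        for key in ("bucketName", "bucketRegion"):
            if not dest.get(key):
                findings.append((name, f"missing {key}"))
        region = dest.get("bucketRegion")
        if region and not _AWS_REGION.fullmatch(region):
            findings.append((name, f"suspicious region {region!r}"))
        # Static keys in a file on the log host are the finding that matters:
        # prefer an instance profile or a short-lived credential source.
        if dest.get("accessKeyID") or dest.get("secretAccessKey"):
            findings.append((name, "static AWS credentials embedded in config"))
    return findings


def read_policy(bucket, prefix=""):
    """IAM policy document granting read-only access to one bucket/prefix.

    Hypothetical minimum for a log collector: list the bucket (optionally
    limited to the prefix) and fetch objects under the prefix. Attach this to
    the role RunReveal assumes; the trust policy is out of scope here.
    """
    statement = [
        {"Sid": "ListLogObjects", "Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": f"arn:aws:s3:::{bucket}"},
        {"Sid": "ReadLogObjects", "Effect": "Allow", "Action": "s3:GetObject",
         "Resource": f"arn:aws:s3:::{bucket}/{prefix}*"},
    ]
    if prefix:
        statement[0]["Condition"] = {"StringLike": {"s3:prefix": f"{prefix}*"}}
    return {"Version": "2012-10-17", "Statement": statement}


if __name__ == "__main__":
    for dest, finding in audit_config(SAMPLE_CONFIG):
        print(f"{dest}: {finding}")
    print(json.dumps(read_policy("runreveal-bucket", "panorama/"), indent=2))
```

Run against the sample, the audit reports the embedded static credentials on `runreveal-store` and nothing else, and the policy it prints is the one to attach to the read role; if you add a prefix to the destination later, pass it to `read_policy` so the role cannot list or read anything else in the bucket.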