Palo Alto Firewall

This Quick Start Guide provides log configuration details for SMA support: Palo Alto Syslog using Syslog hosting (Linux).

Support Specifications:

PAN-OS 7.1

Configuration Prerequisites:

To complete this task, you must have an Oracle Cloud account containing an OMC instance with administrator privileges.
1. Prerequisite: Access to Oracle Management Cloud
   Description: You must have an Oracle Cloud account containing an OMC instance with administrator privileges.
   For additional details: How Do I Access Oracle Management Cloud? in Managing and Monitoring Oracle Cloud; About Roles and Users

2. Prerequisite: The Syslog server configured with default settings
   Description: The Syslog server is your log host (OMC entity), where log sources upload and store logs. See FTP Server documentation provided by your vendor.

3. Prerequisite: Cloud agent(s) installed and Log Analytics licensing enabled
   Description: Have a Cloud Agent installed on the FTP server. This host will be discovered as an entity in OMC.
   For additional details: Install the Cloud Agent and Enable Oracle Log Analytics in Using Log Analytics; Environment Requirements in Installing and Managing Oracle Management Cloud Agents

4. Prerequisite: Security Monitoring and Analytics licensing enabled
   Description: Note that SMA Data Enrichment is disabled by default.
   For additional details: Enabling Automatic Log Analytics and Security Monitoring and Analytics Data Collection in Getting Started with Oracle Management Cloud

Configuration Steps:

STEP 1.
   Task requirements: Configure your firewall to upload logs to your Syslog server (OMC entity).
   For additional details, see: Configure Syslog Monitoring in PAN-OS 7.1 Administrator’s Guide

STEP 2.
   Task requirements: Add an Entity Association to support the new logs in OMC using Log Analytics. Associate Palo Alto Syslog Logs with your OMC entity (the Syslog server where you installed the OMC Cloud Agent).
   For additional details, see: Security Device Sources; Associating Log Sources to Existing Entities in Using Oracle Log Analytics

STEP 3.
   Task requirements: Validate your log collection. Confirm your setup was successful.
   For additional details, see: Validate Log Collections