Palo Alto Firewall
This Quick Start Guide provides log configuration details for SMA support: Palo Alto Syslog using Syslog hosting (Linux).
Support Specifications:
PAN-OS 7.1
Configuration Prerequisites:
To complete this task, you must have an Oracle Cloud account containing an OMC instance with administrator privileges.
Prerequisite | Description | For additional details... |
---|---|---|
1. Access to Oracle Management Cloud | You must have an Oracle Cloud account containing an OMC instance with administrator privileges. | How Do I Access Oracle Management Cloud? in Managing and Monitoring Oracle Cloud |
2. The Syslog server configured with default settings | The Syslog server is your log host (OMC entity), where log sources upload and store logs. | See FTP Server documentation provided by your vendor. |
3. Cloud agent(s) installed and Log Analytics licensing enabled | Have a Cloud Agent installed on the FTP server. This host will be discovered as an entity in OMC. | Install the Cloud Agent and Enable Oracle Log Analytics in Using Log Analytics; Environment Requirements in Installing and Managing Oracle Management Cloud Agents |
4. Security Monitoring and Analytics licensing enabled | Note that SMA Data Enrichment is disabled by default. | Enabling Automatic Log Analytics and Security Monitoring and Analytics Data Collection in Getting Started with Oracle Management Cloud |
Configuration Steps:
Palo Alto Firewall | Task requirements | For additional details, see... |
---|---|---|
STEP 1. - Configure your firewall to upload logs to your Syslog server (OMC entity). | - | Configure Syslog Monitoring in PAN-OS 7.1 Administrator’s Guide |
STEP 2. - Add an Entity Association to support the new logs in OMC using Log Analytics. | Associate Palo Alto Syslog Logs with your OMC entity (the Syslog server where you installed the OMC Cloud Agent). | Security Device Sources; Associating Log Sources to Existing Entities in Using Oracle Log Analytics |
STEP 3. - Validate your log collection. | Confirm your setup was successful. | Validate Log Collections |