Palo Alto Networks 8
The Sumo Logic app for Palo Alto Networks 8 gives you visibility into firewall and traps activity.
Palo Alto Networks (PAN) 8 provides a next generation firewall and the Traps Endpoint Security Manager. The Sumo Logic app for Palo Alto Networks 8 gives you visibility into firewall and traps activity, including information about firewall configuration changes, details about rejected and accepted firewall traffic, traffic events that match the Correlation Objects and Security Profiles you have configured in PAN, and events logged by the Traps Endpoint Security Manager.
Log Types
The Palo Alto Networks 8 App uses the following log types:
| Log type | Description | Supported log format | For more information |
| Traffic | Entries for the start and end of each session, including date and time; source and destination zones, addresses and ports; application name; security rule applied to the traffic flow; rule action (allow, deny, or drop); ingress and egress interface; number of bytes; and session end reason. | Syslog | Traffic Logs |
| Threat | Events logged when traffic matches one of the Security Profiles attached to a security rule on the firewall. | Syslog | Threat Logs |
| System | Information about system events on the Palo Alto Networks Device. | Syslog |
System Logs |
| Config Logs | Information about Palo Alto Networks Device configuration changes. | Syslog | Configuration |
| Correlation | Events logged by firewall when patterns and thresholds defined in a Correlation Object match the traffic patterns on your network. | Syslog | Correlation Logs |
| TrapsV4 | Events logged by the Traps Endpoint Security component. | Common Event Format (CEF) | CEF Format |