Palo Alto Networks 8
The Sumo Logic app for Palo Alto Networks 8 gives you visibility into firewall and Traps activity.

Palo Alto Networks (PAN) 8 provides a next-generation firewall and the Traps Endpoint Security Manager. The Sumo Logic app for Palo Alto Networks 8 gives you visibility into firewall and Traps activity, including firewall configuration changes, details of rejected and accepted firewall traffic, traffic events that match the Correlation Objects and Security Profiles you have configured in PAN, and events logged by the Traps Endpoint Security Manager.

Log Types

The Palo Alto Networks 8 app uses the following log types:

| Log type | Description | Supported log format | For more information |
|---|---|---|---|
| Traffic | Entries for the start and end of each session, including date and time; source and destination zones, addresses, and ports; application name; the security rule applied to the traffic flow; rule action (allow, deny, or drop); ingress and egress interface; number of bytes; and session end reason. | Syslog | Traffic Logs |
| Threat | Events logged when traffic matches one of the Security Profiles attached to a security rule on the firewall. | Syslog | Threat Logs |
| System | Information about system events on the Palo Alto Networks device. | Syslog | System Logs |
| Config | Information about Palo Alto Networks device configuration changes. | Syslog | Configuration |
| Correlation | Events logged by the firewall when the patterns and thresholds defined in a Correlation Object match traffic patterns on your network. | Syslog | Correlation Logs |
| TrapsV4 | Events logged by the Traps Endpoint Security component. | Common Event Format (CEF) | CEF Format |
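The table describes what each log type carries but not what a line looks like when it reaches the collector. The following Python, added here as an illustration and not Sumo Logic's or Palo Alto Networks' own code, parses the two formats the app ingests: a PAN-OS Traffic log (a comma-separated payload carried over syslog) and a Traps event in CEF. The sample log lines are constructed, not captured from a device; the PAN-OS Traffic field order is an assumption taken from the PAN-OS 8.x syslog field reference and should be checked against your firewall version; the Traps vendor/product strings and CEF extension keys in the sample, and all function names, are illustrative.

```python
"""Parse the two formats the Palo Alto Networks 8 app ingests: PAN-OS logs (a
comma-separated payload carried over syslog) and Traps events in Common Event
Format (CEF). Added example; not Sumo Logic or Palo Alto Networks code."""
import csv
import re

# ASSUMPTION: PAN-OS 8.x Traffic log field order, per the PAN-OS syslog field
# reference; verify against your firewall version. Only the first 47 fields
# are named here; trailing fields in a record are ignored.
TRAFFIC_FIELDS = [
    "future_use1", "receive_time", "serial", "type", "subtype", "future_use2",
    "generated_time", "src", "dst", "natsrc", "natdst", "rule", "srcuser",
    "dstuser", "app", "vsys", "from_zone", "to_zone", "inbound_if", "outbound_if",
    "logset", "future_use3", "sessionid", "repeatcnt", "sport", "dport",
    "natsport", "natdport", "flags", "proto", "action", "bytes", "bytes_sent",
    "bytes_received", "packets", "start", "elapsed", "category", "future_use4",
    "seqno", "actionflags", "srcloc", "dstloc", "future_use5", "pkts_sent",
    "pkts_received", "session_end_reason",
]

# BSD syslog header (optional <PRI>, timestamp, hostname); group 1 is the payload.
SYSLOG_HEADER = re.compile(r"^(?:<\d+>)?[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d \S+ (.*)$")

# CEF extension: key=value pairs separated by spaces. Values may contain spaces
# and the escapes \= and \\; the alternation consumes an escape as one unit.
EXT_PAIR = re.compile(r"(\w+)=((?:\\.|[^\\])*?)(?=\s+\w+=|$)")


def _payload(line):
    m = SYSLOG_HEADER.match(line.strip())
    return m.group(1) if m else line.strip()


def parse_pan_traffic(line):
    """Named fields of a PAN-OS TRAFFIC log, or None for any other line."""
    # csv handles the double quotes PAN-OS puts around values containing commas.
    row = next(csv.reader([_payload(line)]))
    if len(row) < len(TRAFFIC_FIELDS) or row[3] != "TRAFFIC":
        return None
    rec = dict(zip(TRAFFIC_FIELDS, row))
    for k in ("sport", "dport", "bytes", "bytes_sent", "bytes_received", "packets"):
        rec[k] = int(rec[k])
    return rec


def denied_sessions(lines):
    """Traffic records the firewall rejected (rule action deny or drop)."""
    recs = (parse_pan_traffic(line) for line in lines)
    return [r for r in recs if r and r["action"] in ("deny", "drop")]


def _split_cef_header(text):
    """Split the 7 CEF header fields on unescaped '|'; return (fields, extension)."""
    fields, cur, i = [], [], 0
    while i < len(text) and len(fields) < 7:
        c = text[i]
        if c == "\\" and i + 1 < len(text):  # header escapes: \| and \\
            cur.append(text[i + 1])
            i += 2
        elif c == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(c)
            i += 1
    if len(fields) < 7 and cur:  # 7th field present but no extension follows
        fields.append("".join(cur))
    return fields, text[i:]


def _unescape_ext(value):
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_cef(line):
    """Header fields plus an 'ext' dict for a CEF event, or None for any other line."""
    text = _payload(line)
    if not text.startswith("CEF:"):
        return None
    header, ext = _split_cef_header(text)
    if len(header) != 7:
        return None
    sev = header[6]
    return {
        "cef_version": header[0][len("CEF:"):], "vendor": header[1], "product": header[2],
        "version": header[3], "signature_id": header[4], "name": header[5],
        "severity": int(sev) if sev.isdigit() else sev,  # CEF allows 0-10 or Low..Very-High
        "ext": {k: _unescape_ext(v) for k, v in EXT_PAIR.findall(ext)},
    }


# Constructed sample lines (not captured from a real device).
SAMPLE_LOGS = [
    # PAN-OS Traffic log: outbound SSH denied by policy.
    "Apr  2 13:05:11 pan-fw01 1,2018/04/02 13:05:11,001234567890,TRAFFIC,end,1,2018/04/02 13:05:11,"
    "10.1.1.25,93.184.216.34,0.0.0.0,0.0.0.0,block-outbound-ssh,,,ssh,vsys1,trust,untrust,ethernet1/2,"
    "ethernet1/1,default,,6821,1,51234,22,0,0,0x0,tcp,deny,60,60,0,1,2018/04/02 13:05:11,0,any,,6150021,"
    "0x0,10.0.0.0-10.255.255.255,United States,,1,0,policy-deny",
    # PAN-OS Traffic log: allowed web session; the quoted user field shows CSV quoting.
    "Apr  2 13:06:02 pan-fw01 1,2018/04/02 13:06:02,001234567890,TRAFFIC,end,1,2018/04/02 13:06:02,"
    "10.1.1.40,93.184.216.34,203.0.113.7,93.184.216.34,allow-web,\"corp\\jdoe\",,web-browsing,vsys1,trust,"
    "untrust,ethernet1/2,ethernet1/1,default,,6830,1,50122,443,20011,443,0x40,tcp,allow,18240,4120,14120,36,"
    "2018/04/02 13:05:40,22,computer-and-internet-info,,6150034,0x0,10.0.0.0-10.255.255.255,United States,,15,21,tcp-fin",
    # Traps event in CEF; vendor/product strings and extension keys are illustrative.
    "Apr  2 13:07:44 traps-esm01 CEF:0|Palo Alto Networks|Traps ESM|4.1.0|Prevention|Exploit Prevention|10|"
    r"rt=Apr 02 2018 13:07:44 suser=CORP\\jdoe shost=ws-042 fname=invoice\=2018.exe act=Prevented",
]

if __name__ == "__main__":
    print(denied_sessions(SAMPLE_LOGS))
    print(parse_cef(SAMPLE_LOGS[2]))
```

The fourth comma-separated field of every PAN-OS record is the log type (TRAFFIC, THREAT, SYSTEM, CONFIG, CORRELATION), so the same dispatch extends to the other syslog rows in the table by swapping in that type's field list. The CEF side is where parsers usually go wrong: header fields are split only on unescaped `|`, and extension values keep their spaces and are unescaped (`\=`, `\\`) after the key boundaries are found, so a file name containing `=` or a `DOMAIN\user` value survives intact.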