Configure the Palo Alto Networks Next-Generation Firewall integration to send third-party logs in syslog format to Trend Vision One for analysis and correlation.
Procedure
- Add a new third-party log source in the Trend Vision One
console.
- Go to .
- Click Third-Party Log Collection.
- Click + Add Log Source.The Log Source Settings window appears.
- Configure settings for the Palo Alto Networks log source.
- Specify a name for the log source.
- Select a Service Gateway virtual appliance from the drop-down
menu.
Note
Only compatible appliances appear in the list. If no compatible appliances exist, go to Service Gateway Management and deploy a new virtual appliance, or select an existing appliance and install and enable the Third-Party Log Collection Service. - Specify sender IP addresses for the third-party logs.
- Click Save.Palo Alto Networks Next-Generation Firewall appears as a log source on the Third-Party Log Collection screen.
Palo Alto Networks firewall logs become available under Firewall Activity Data in the Search app. Palo Alto Networks Next-Generation Firewall can only send logs generated after connecting to Trend Vision One. You might need to allow some time before new logs start to appear.