Posted to issues@metron.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/11/09 03:18:00 UTC

[jira] [Commented] (METRON-1740) Improve Palo Alto parser to handle CONFIG and SYSTEM syslog messages

    [ https://issues.apache.org/jira/browse/METRON-1740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16680786#comment-16680786 ] 

ASF GitHub Bot commented on METRON-1740:
----------------------------------------

Github user ottobackwards commented on the issue:

    https://github.com/apache/metron/pull/1171
  
    @nickwallen can we get a +1 on this?  @JonZeolla you are a +1 but not explicitly?


> Improve Palo Alto parser to handle CONFIG and SYSTEM syslog messages
> --------------------------------------------------------------------
>
>                 Key: METRON-1740
>                 URL: https://issues.apache.org/jira/browse/METRON-1740
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Yi Liu
>            Priority: Major
>
> As a Metron user (security analyst)
> I would like Metron's Palo Alto parser to be able to parse CONFIG and SYSTEM PanOS syslog messages
> so that I can know what, when and how the system configuration has been changed and how the system has been running.
>  
> The current PaloAlto parser (BasicPaloAltoFirewallParser) only supports THREAT and TRAFFIC log messages. The task is to extend it to support CONFIG and SYSTEM log messages. The supported PanOS versions are 6.1, 7.0 and 8.0.
> A sample CONFIG log (PanOS 7.0):
> {code:java}
> 1,2017/08/11 11:23:36,999900009999,CONFIG,0,0,2017/08/11 11:23:36,192.168.14.162,,edit,admin,Web,Succeeded, vsys  vsys4 ruleXXXX XXXXX rules  dev-to-dev-ext-http-https,1336,0x0,0,0,0,0,,dev-something200-01
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
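The CONFIG sample quoted in the issue description above, parsed field by field as an added example; this is not code from the Metron pull request. It assumes the syslog header has already been stripped, and the field names are an assumption based on the PAN-OS CONFIG log layout as I recall it (16 common fields, with 7.1/8.0 appending device-group hierarchy, virtual system name and device name), not taken from the Metron parser.

```python
import csv

# Assumed PAN-OS CONFIG field layout (not from the Metron parser). The first
# 16 fields are common to 7.0 and later; 7.1/8.0 append six more.
CONFIG_FIELDS_COMMON = [
    "future_use_1", "receive_time", "serial_number", "type", "subtype",
    "future_use_2", "generated_time", "host", "virtual_system", "command",
    "admin", "client", "result", "configuration_path", "sequence_number",
    "action_flags",
]
CONFIG_FIELDS_EXTENDED = [
    "dg_hierarchy_level_1", "dg_hierarchy_level_2", "dg_hierarchy_level_3",
    "dg_hierarchy_level_4", "virtual_system_name", "device_name",
]


def parse_config_log(line):
    """Parse one PAN-OS CONFIG record (the CSV body after the syslog header).

    Returns a dict keyed by field name; raises ValueError when the record is
    not of type CONFIG or has a field count this example does not know.
    """
    # csv.reader honours quoted values, which PAN-OS emits when a value contains a comma
    fields = next(csv.reader([line.strip()]))
    if len(fields) < 4 or fields[3] != "CONFIG":
        raise ValueError("not a CONFIG record: %r" % line[:40])
    if len(fields) == len(CONFIG_FIELDS_COMMON):
        names = CONFIG_FIELDS_COMMON
    elif len(fields) == len(CONFIG_FIELDS_COMMON) + len(CONFIG_FIELDS_EXTENDED):
        names = CONFIG_FIELDS_COMMON + CONFIG_FIELDS_EXTENDED
    else:
        raise ValueError("unexpected field count %d" % len(fields))
    record = dict(zip(names, fields))
    # The configuration path in the sample carries leading and doubled spaces;
    # collapse them so the value is stable for matching and enrichment.
    record["configuration_path"] = " ".join(record["configuration_path"].split())
    record["succeeded"] = record["result"] == "Succeeded"
    return record


# The CONFIG sample from the issue description (syslog header removed).
SAMPLE = ("1,2017/08/11 11:23:36,999900009999,CONFIG,0,0,2017/08/11 11:23:36,"
          "192.168.14.162,,edit,admin,Web,Succeeded, vsys  vsys4 ruleXXXX XXXXX rules"
          "  dev-to-dev-ext-http-https,1336,0x0,0,0,0,0,,dev-something200-01")

if __name__ == "__main__":
    for key, value in parse_config_log(SAMPLE).items():
        print("%-22s %s" % (key, value))
```

The sample has 22 comma-separated fields, so it lands on the extended layout; a 16-field 7.0 record takes the common layout and anything else is rejected rather than silently mis-mapped.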