Does anyone know a way to forward just the logs for HIP? We have a different team needing visibility into HIP failures. I have created HIP objects, but now ideally want just these logs going out to a syslog. I have a Kiwi Syslog available, but I'm not sure how to get just the HIP logs out from Panorama.
Not sure if this is what you are looking for, but I had a case where a 3rd party vendor wanted some logs sent to their specific (different from ours) syslog server.
1. Panorama > Server Profiles > Syslog > Add > Syslog Server with appropriate information.
2. Panorama > Collector Groups > Collector Log Forwarding > HIP Match > Syslog > Add > Choose Syslog created in step one.
We also opted for filtering on certain IP addresses, but that's up to you.
Hope this helps.
I don't think you can do this from Panorama, but on a firewall you can create a log forwarding profile for HIP matches in Device > Log Settings > HIP Match, and then add a syslog server.
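Added example, not part of the thread: a receiver-side check that the syslog feed set up above carries only HIP Match records, which is worth confirming before handing the feed to another team. It assumes the default comma-separated PAN-OS syslog format, in which the fourth field is the log type and HIP Match records carry `HIPMATCH`; the sample lines, hostnames and field values are constructed.

```python
import csv
from collections import Counter

# Assumption: default PAN-OS CSV syslog layout, log type in the fourth field.
TYPE_FIELD = 3
HIP_TYPE = "HIPMATCH"


def log_type(line):
    """Return the log type of one received syslog line, or None if unparseable.

    The syslog header contains no commas, so it stays attached to the first
    CSV field and the type is still the fourth field of the whole line.
    """
    try:
        fields = next(csv.reader([line]))
    except (csv.Error, StopIteration):
        return None
    if len(fields) <= TYPE_FIELD:
        return None
    return fields[TYPE_FIELD].strip() or None


def audit(lines):
    """Split a capture into HIP Match lines and a count of everything else."""
    hip, other = [], Counter()
    for line in lines:
        kind = log_type(line)
        if kind == HIP_TYPE:
            hip.append(line)
        else:
            other[kind or "UNPARSED"] += 1
    return hip, dict(other)


# Constructed sample capture; fields after the type are illustrative only.
SAMPLE = [
    "<14>Jan 10 09:15:02 pano01 1,2024/01/10 09:15:02,000000000001,HIPMATCH,0,"
    "0,2024/01/10 09:15:01,example\\jdoe,vsys1,LAPTOP-01,Windows,192.0.2.10",
    "<14>Jan 10 09:15:03 pano01 1,2024/01/10 09:15:03,000000000001,TRAFFIC,end,"
    "0,2024/01/10 09:15:02,192.0.2.10,198.51.100.7",
    "<14>Jan 10 09:16:40 pano01 1,2024/01/10 09:16:40,000000000001,HIPMATCH,0,"
    "0,2024/01/10 09:16:39,example\\asmith,vsys1,LAPTOP-02,Windows,192.0.2.11",
    "<14>Jan 10 09:17:00 pano01 truncated message",
]

if __name__ == "__main__":
    hip, other = audit(SAMPLE)
    print(f"HIP Match records: {len(hip)}")
    for kind, count in sorted(other.items()):
        print(f"unexpected on this feed: {kind} x{count}")
```

Any non-empty "unexpected" count means the forwarding configuration is sending more than HIP Match logs to that server.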