[ https://issues.apache.org/jira/browse/METRON-1740?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Justin Leet updated METRON-1740:
--------------------------------
Fix Version/s: 0.7.0
> Improve Palo Alto parser to handle CONFIG and SYSTEM syslog messages
> --------------------------------------------------------------------
>
> Key: METRON-1740
> URL: https://issues.apache.org/jira/browse/METRON-1740
> Project: Metron
> Issue Type: Improvement
> Reporter: Yi Liu
> Priority: Major
> Fix For: 0.7.0
>
>
> As a Metron user (security analyst),
> I would like Metron's Palo Alto parser to be able to parse CONFIG and SYSTEM
> PanOS syslog messages,
> so that I can know what, when and how the system configuration has been changed
> and how the system has been running.
>
> The current PaloAlto parser (BasicPaloAltoFirewallParser) only supports
> THREAT and TRAFFIC log messages. The task is to extend it to support CONFIG
> and SYSTEM log messages. The supported PanOS versions are 6.1, 7.0 and 8.0.
> A sample CONFIG log (PanOS 7.0):
> {code:java}
> 1,2017/08/11 11:23:36,999900009999,CONFIG,0,0,2017/08/11 11:23:36,192.168.14.162,,edit,admin,Web,Succeeded, vsys vsys4 ruleXXXX XXXXX rules dev-to-dev-ext-http-https,1336,0x0,0,0,0,0,,dev-something200-01
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
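As an added example (not Metron's BasicPaloAltoFirewallParser and not code from the issue), the following Python parser maps the PanOS 7.0 CONFIG line quoted in the issue onto named fields. The column names are an assumption taken from Palo Alto's published CONFIG log layout for PAN-OS 7.0 and must be checked against the vendor documentation for each version the parser is meant to support (6.1, 7.0 and 8.0 do not all share one column count); the conversion of the generated-time column to epoch milliseconds assumes the firewall clock is UTC.

```python
"""Field-level parser for a PAN-OS 7.0 CONFIG log line.

Added example: this is not Metron's BasicPaloAltoFirewallParser. The column
names are assumed from Palo Alto's published CONFIG log layout for PAN-OS 7.0
and must be checked against the vendor documentation for every PAN-OS version
the parser has to support.
"""
import csv
from datetime import datetime, timezone

# Assumed PAN-OS 7.0 CONFIG column order; 22 columns, matching the issue's sample.
CONFIG_FIELDS_7_0 = (
    "future_use_1", "receive_time", "serial_number", "type", "subtype",
    "future_use_2", "generated_time", "host", "virtual_system", "command",
    "admin", "client", "result", "configuration_path", "sequence_number",
    "action_flags", "dg_hier_level_1", "dg_hier_level_2", "dg_hier_level_3",
    "dg_hier_level_4", "virtual_system_name", "device_name",
)
TYPE_INDEX = 3  # the log type (TRAFFIC, THREAT, CONFIG, SYSTEM) is always column 4

# The CONFIG sample from the issue, re-joined onto one line.
SAMPLE_CONFIG_7_0 = (
    "1,2017/08/11 11:23:36,999900009999,CONFIG,0,0,2017/08/11 11:23:36,"
    "192.168.14.162,,edit,admin,Web,Succeeded, vsys vsys4 ruleXXXX XXXXX rules "
    "dev-to-dev-ext-http-https,1336,0x0,0,0,0,0,,dev-something200-01"
)


def split_fields(line):
    """Split one PAN-OS CSV line; the csv module handles double-quoted fields,
    which PAN-OS emits when a value (such as a configuration path) contains a comma."""
    return next(csv.reader([line.strip()]))


def log_type(line):
    """Return the PAN-OS log type of a line, or None if the line is too short."""
    fields = split_fields(line)
    return fields[TYPE_INDEX] if len(fields) > TYPE_INDEX else None


def panos_time_to_epoch_ms(value):
    """'2017/08/11 11:23:36' -> epoch milliseconds. PAN-OS timestamps carry no
    zone; UTC is assumed here (confirm against the device's clock setting)."""
    dt = datetime.strptime(value, "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return int(dt.timestamp() * 1000)


def parse_config_log(line):
    """Map a CONFIG line onto named fields, rejecting anything else loudly so a
    THREAT, TRAFFIC or SYSTEM line never ends up with mislabelled columns."""
    fields = split_fields(line)
    if len(fields) <= TYPE_INDEX or fields[TYPE_INDEX] != "CONFIG":
        raise ValueError("not a CONFIG log line: %r" % line[:40])
    if len(fields) != len(CONFIG_FIELDS_7_0):
        raise ValueError(
            "unexpected column count %d (expected %d for PAN-OS 7.0 CONFIG)"
            % (len(fields), len(CONFIG_FIELDS_7_0))
        )
    record = dict(zip(CONFIG_FIELDS_7_0, fields))
    # The sample carries a leading space in the configuration path; normalise it.
    record["configuration_path"] = record["configuration_path"].strip()
    # Metron convention: a millisecond "timestamp" field plus the raw line.
    record["timestamp"] = panos_time_to_epoch_ms(record["generated_time"])
    record["original_string"] = line.strip()
    # FUTURE_USE columns carry nothing an analyst can act on.
    for key in ("future_use_1", "future_use_2"):
        del record[key]
    return record


if __name__ == "__main__":
    for key, value in sorted(parse_config_log(SAMPLE_CONFIG_7_0).items()):
        print("%-22s %s" % (key, value))
```

Dispatching on the type column before applying any column map is the part worth carrying into the real parser: once CONFIG and SYSTEM are added next to THREAT and TRAFFIC, a line routed to the wrong map would silently produce a record whose `admin`, `command` and `result` fields hold unrelated values, which is exactly what an analyst hunting for unexpected configuration changes cannot afford.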