Regarding PaloAlto Panorama (syslog) Logs


#1 jacob.omara@doubleline.com

New Enterprise NXLog customer here... hopefully an easy question.

Today I am ingesting syslog messages from my PaloAlto Panorama instance into a dedicated syslog (Ubuntu) server running syslog-ng. I am using syslog-ng to parse the incoming logs into 3 distinct log files (traffic, threat, and system). I am then using “logrotate” and “cron” to rotate, gzip, and retain the logs.

I figure I have 2 options in terms of the log files themselves now that I am an nxlog customer.

  • Option 1: Keep things as-is (since it is working now) and just use “im_file”.
  • Option 2: Use nxlog to do the same things I am with syslog-ng.  Being new to nxlog, not sure how to best do this.

If I want to go with Option #2, does anyone have a working configuration they would be willing to share on how they parsed the incoming syslog messages from Palo Alto into those 3 distinct files (or came up with a better alternative)?


Thank you.
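One way to do the Option 2 split inside NXLog, as an added example configuration that is not from the original post or from NXLog's documentation. It assumes Panorama forwards over UDP/514, that the files live under /var/log/paloalto/, and that the message body is the default PAN-OS CSV format, whose 4th comma-separated field carries the log type (TRAFFIC, THREAT, SYSTEM, ...).

```nxlog
# Added example NXLog configuration, not from the original post. Assumptions:
# Panorama sends syslog to UDP/514, files go under /var/log/paloalto/, and the
# message body is PAN-OS CSV whose 4th field is the log type.
define PAN_DIR /var/log/paloalto

<Extension _syslog>
    Module      xm_syslog
</Extension>

<Input panorama>
    Module      im_udp
    ListenAddr  0.0.0.0:514
    <Exec>
        # Parse the syslog header; the CSV body stays in $Message.
        parse_syslog();
        # Fields 1-3: future-use, receive time, serial; field 4: log type.
        if $Message =~ /^[^,]*,[^,]*,[^,]*,([A-Z]+),/ { $PanType = $1; }
        else { $PanType = "UNKNOWN"; }
    </Exec>
</Input>

# One output per file; each keeps its own type and drops everything else.
<Output traffic>
    Module      om_file
    File        "%PAN_DIR%/traffic.log"
    CreateDir   TRUE
    Exec        if $PanType != "TRAFFIC" drop();
</Output>

<Output threat>
    Module      om_file
    File        "%PAN_DIR%/threat.log"
    CreateDir   TRUE
    Exec        if $PanType != "THREAT" drop();
</Output>

<Output system>
    Module      om_file
    File        "%PAN_DIR%/system.log"
    CreateDir   TRUE
    Exec        if $PanType != "SYSTEM" drop();
</Output>

<Route pan>
    Path        panorama => traffic, threat, system
</Route>
```

If Panorama is set to forward over TCP or TLS instead, swap im_udp for im_tcp or im_ssl. The existing logrotate and cron jobs can stay in place for rotation and gzip (with logrotate's copytruncate, since NXLog keeps the files open), so only the parsing and splitting move to NXLog.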