PAN-OS Log Forwarding Setup And Configuration
PAN-OS by Palo Alto Networks Pack.#
This Playbook is part of theSets up and maintains log forwarding for the Panorama rulebase. It can be run when setting up a new instance, or as a periodic job to enforce log forwarding policy. You can either update all rules and override previous profiles, or update only rules that do not have a log forwarding profile configured. ​
#
Description & Playbook FlowThe playbook lists all of the rules (either pre-rulebase or post-rulebase). If the analyst wishes to override the log-forwarding profile for all rules, it updates all the rules with the given profile. If the analyst wishes to update only rules with missing profiles, it will update only those rules. In the end, the playbook will commit to PAN-OS (either auto-commit or manual commit by the analyst).
#
DependenciesThis playbook uses the following sub-playbooks, integrations, and scripts.
#
Sub-playbooks- PAN-OS Commit Configuration
#
Integrations- Palo Alto Networks PAN-OS
#
Scripts- Set
- AreValuesEqual
#
Commands- pan-os-edit-rule
- pan-os-list-rules
#
Playbook InputsName | Description | Default Value | Required |
---|---|---|---|
log-forwarding-name | The name of the log-forwarding object that will be attached to all of the rules. | log_forwarding_101 | Required |
auto_commit | Whether the rule should be committed automatically or manually. | yes | Optional |
pre-post-rulebase | Either the pre-rulebase or post-rulebase, depending on the rule structure. | pre-rulebase | Required |
device-group | The device group to work on. | - | Optional |
override-existing-profiles | Whether the log-forwarding profiles that were already defined should be overrode. | False | Optional |
#
Playbook OutputsThere are no outputs for this playbook.
#
Known LimitationsThe log forwarding profile needs to be configured manually and provided to this playbook as an input. link In the future, we’ll support auto-creation of Cortex Data Lake log forwarding profiles.