
PAN-OS Log Forwarding Setup And Configuration

This Playbook is part of the PAN-OS by Palo Alto Networks Pack.

Sets up and maintains log forwarding for the Panorama rulebase. It can be run when setting up a new instance, or as a periodic job to enforce log forwarding policy. You can either update all rules and override previous profiles, or update only rules that do not have a log forwarding profile configured.

Description & Playbook Flow

The playbook lists all of the rules (either pre-rulebase or post-rulebase). If the analyst wishes to override the log-forwarding profile for all rules, it updates all the rules with the given profile. If the analyst wishes to update only rules with missing profiles, it will update only those rules. In the end, the playbook will commit to PAN-OS (either auto-commit or manual commit by the analyst).
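The selection step described above can be checked offline against an exported configuration before the playbook runs. The following is an added example, not code from the playbook or the PAN-OS pack: the function name `plan_updates` is hypothetical, the sample XML is constructed, and it assumes the exported rulebase stores each rule's log forwarding profile in a `log-setting` element. Unlike the playbook's override mode, it leaves out rules that already carry the target profile, since editing them would change nothing.

```python
import xml.etree.ElementTree as ET  # for untrusted exports, parse with defusedxml instead

# Constructed sample: a trimmed device-group export (not taken from a real device).
SAMPLE_CONFIG = """
<device-group>
  <entry name="DG-Branch">
    <pre-rulebase><security><rules>
      <entry name="allow-dns"><action>allow</action></entry>
      <entry name="allow-web"><action>allow</action>
        <log-setting>legacy_profile</log-setting></entry>
      <entry name="deny-all"><action>deny</action>
        <log-setting>log_forwarding_101</log-setting></entry>
    </rules></security></pre-rulebase>
    <post-rulebase><security><rules>
      <entry name="cleanup"><action>deny</action></entry>
    </rules></security></post-rulebase>
  </entry>
</device-group>
"""

def plan_updates(config_xml, device_group, rulebase, profile, override_existing=False):
    """Return [(rule_name, current_profile_or_None)] for rules that need an edit."""
    if rulebase not in ("pre-rulebase", "post-rulebase"):
        raise ValueError("rulebase must be pre-rulebase or post-rulebase")
    root = ET.fromstring(config_xml)
    dg = next((e for e in root.findall("entry") if e.get("name") == device_group), None)
    if dg is None:
        raise LookupError(f"device group not found: {device_group}")
    plan = []
    for rule in dg.findall(f"{rulebase}/security/rules/entry"):
        current = (rule.findtext("log-setting") or "").strip() or None
        if current == profile:
            continue  # already compliant: an edit would be a no-op
        # Missing profile: always update. Different profile: only in override mode.
        if current is None or override_existing:
            plan.append((rule.get("name"), current))
    return plan

if __name__ == "__main__":
    for override in (False, True):
        plan = plan_updates(SAMPLE_CONFIG, "DG-Branch", "pre-rulebase",
                            "log_forwarding_101", override_existing=override)
        print(f"override-existing-profiles={override}: {plan}")
```

Reviewing the override-mode plan before a run shows exactly which existing profiles would be replaced.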


This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks
  • PAN-OS Commit Configuration

Integrations
  • Palo Alto Networks PAN-OS

Scripts
  • Set
  • AreValuesEqual

Commands
  • pan-os-edit-rule
  • pan-os-list-rules

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| log-forwarding-name | The name of the log-forwarding object that will be attached to all of the rules. | log_forwarding_101 | Required |
| auto_commit | Whether the rule should be committed automatically or manually. | yes | Optional |
| pre-post-rulebase | Either the pre-rulebase or post-rulebase, depending on the rule structure. | pre-rulebase | Required |
| device-group | The device group to work on. | - | Optional |
| override-existing-profiles | Whether the log-forwarding profiles that were already defined should be overridden. | False | Optional |

Playbook Outputs

There are no outputs for this playbook.

Known Limitations

The log forwarding profile needs to be configured manually and provided to this playbook as an input. In the future, we’ll support auto-creation of Cortex Data Lake log forwarding profiles.
