PAN-OS Log Forwarding Setup And Configuration

Sets up and maintains log forwarding for the Panorama rulebase. It can be run when setting up a new instance, or as a periodic job to enforce log forwarding policy. You can either update all rules and override previous profiles, or update only rules that do not have a log forwarding profile configured. ​

Description & Playbook Flow


The playbook lists all of the rules (either pre-rulebase or post-rulebase). If the analyst wishes to override the log-forwarding profile for all rules, it updates all the rules with the given profile. If the analyst wishes to update only rules with missing profiles, it will update only those rules. In the end, the playbook will commit to PAN-OS (either auto-commit or manual commit by the analyst).

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • PAN-OS Commit Configuration

Integrations

  • Palo Alto Networks PAN-OS

Scripts

  • Set
  • AreValuesEqual

Commands

  • panorama-edit-rule
  • panorama-list-rules

Playbook Inputs


NameDescriptionDefault ValueRequired
log-forwarding-nameThe name of the log-forwarding object that will be attached to all of the rules.log_forwarding_101Required
auto_commitWhether the rule should be committed automatically or manually.yesOptional
pre-post-rulebaseEither the pre-rulebase or post-rulebase, depending on the rule structure.pre-rulebaseRequired
device-groupThe device group to work on.-Optional
override-existing-profilesWhether the log-forwarding profiles that were already defined should be overrode.FalseOptional

Playbook Outputs


There are no outputs for this playbook.

Known Limitations


The log forwarding profile needs to be configured manually and provided to this playbook as an input. link In the future, we’ll support auto-creation of Cortex Data Lake log forwarding profiles.

Playbook Image


PAN-OS_Log_Forwarding_Setup_And_Maintenance