To fully integrate USM Anywhere with your Palo Alto Networks firewall, you should configure log collection so that USM Anywhere can retrieve and normalizeNormalization describes the translation of log file entries received from disparate types of monitored assets into the standardized framework of Event types and sub-types. raw log data from the firewall. The combination of the Palo Alto Networks PAN-OS plugin and configuration of the AlienApp for Palo Alto Networks provides a full scope of data and analysis within USM Anywhere.
USM Anywhere includes the Palo Alto PAN-OS pluginPlugins specify how to collect and normalize raw information from devices to create events that can then be analyzed to determine threats and vulnerabilities., which provides data normalization and analysis for Palo Alto Networks PAN-OS log data. You must first configure the firewall to send log data to a USM Anywhere Sensor through the syslogAn industry standard message logging system that is used on many devices and platforms. server. When this configuration is in place, USM Anywhere enables the plugin for the device automatically because of hints — unique information within the syslog message that identifies the data source sending the logs.
Before you configure the Palo Alto Networks PAN-OS integration, you must have the IP Address of the USM Anywhere Sensor.
To configure Palo Alto Networks PAN-OS to send log data to USM Anywhere
Add a syslog server profile. See the PAN-OS Administrator's Guide on Configure Syslog Monitoring for instructions.
- For Syslog Server, enter the IP address of the USM Anywhere Sensor.
- Select the Transport protocol you want to use.
USM Anywhere supports UDP, TCP, and TLS.
- The Port number depends on the transport protocol you choose. Use
514 for UDP, 601 for TCP, or 6514 for TLS.
- Configure syslog forwarding on PAN-OS. See the PAN-OS Administrator's Guide on Configure Log Forwarding for instructions.