How to configure Palo Alto to send logs to SGBox
Please follow the official guide, for your specific Palo Alto version, on how to send CEF formatted logs to SGBox through the syslog protocol: https://docs.paloaltonetworks.com/resources/cef.html
Do not cut and paste log templates directly from the PDF or the web page into your Palo Alto configuration panels, because this can paste “dirty” characters or malform the text itself.
Please follow the suggestion below to avoid any pattern-matching issues with the SGBox definition.
The issue is that the template copied from the PDF is split across several lines, with a carriage return character at the end of each line, whereas in the Palo Alto configuration panels each template must be written as a single line, with all the Key=Value pairs separated by a blank character.
So, to avoid any pattern-matching issues in SGBox, please download and use one of the pattern packages below, depending on your Palo Alto version.
PAN OS 9.0 – Palo Alto PAN OS 9.0 CEF Template
PAN OS 9.1 – Palo Alto PAN OS 9.1 CEF Template
PAN OS 10 – Palo Alto PAN OS 10 CEF Template
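
To check a template that was pasted from the PDF anyway, the sketch below joins the wrapped lines into one line and reports the "dirty" characters described above. It is an added example, not part of SGBox or Palo Alto tooling; the function name, the constructed sample template and the rule that every extension token contains `=` are assumptions.

```python
import re
import unicodedata

# Characters that commonly sneak in when copying from a PDF or web page.
REPLACEMENTS = str.maketrans({
    "\u201c": '"', "\u201d": '"',    # curly double quotes
    "\u2018": "'", "\u2019": "'",    # curly single quotes
    "\u2013": "-", "\u2014": "-",    # en dash, em dash
    "\u00a0": " ",                   # non-breaking space
    "\u00ad": "", "\u200b": "", "\ufeff": "",  # soft hyphen, zero-width space, BOM
})

def normalize_template(pasted):
    """Return (single_line_template, warnings) for a pasted CEF template."""
    text = pasted.translate(REPLACEMENTS)
    # Join wrapped lines: each CR/LF/blank run becomes exactly one blank.
    line = re.sub(r"\s+", " ", text).strip()
    warnings = []
    for ch in sorted({c for c in line if not 32 <= ord(c) <= 126}):
        name = unicodedata.name(ch, "unknown")
        warnings.append("unexpected character U+%04X (%s)" % (ord(ch), name))
    # CEF: seven pipe-separated header fields, then the Key=Value extension.
    parts = line.split("|", 7)
    if not line.startswith("CEF:") or len(parts) != 8:
        warnings.append("not a CEF header with 7 pipe-separated fields")
        return line, warnings
    for token in parts[7].split():
        # Assumption: template values are $variables or single words, so
        # a token without '=' suggests a line break inside a pair.
        if "=" not in token:
            warnings.append("token without '=': %r" % token)
    return line, warnings

# Constructed, abbreviated sample (not the official template), wrapped the
# way a PDF copy would be, with a non-breaking and a zero-width space.
SAMPLE = (
    "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$subtype|$type|1|"
    "rt=$cef-formatted-receive_time\r\n"
    "deviceExternalId=$serial\u00a0src=$src dst=$dst\r\n"
    "cs1Label=Rule cs1=$rule\u200b act=$action\r\n"
)

if __name__ == "__main__":
    line, warnings = normalize_template(SAMPLE)
    print(line)
    for w in warnings:
        print("WARNING:", w)
```

Any warning means the text should not go into the configuration panel as it stands; the downloadable pattern packages above remain the reference for what SGBox expects.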