Enable Cribl to Send Palo Alto Networks Firewall Logs to Azure Event Hub

Use the following procedures to allow Cribl Stream to send Palo Alto Networks firewall logs to the Illumio-hosted Azure Event Hub.

Note

For Cribl, use the default Palo Alto Networks log format instead of Common Event Format (CEF).

  1. In Cribl Stream, add a Data Destination for the Azure Event Hub that you use for Illumio Insights, with the following values:

    1. Output ID: Enter a unique name to identify the Azure Event Hubs definition.

    2. Brokers: arch-eventhub.servicebus.windows.net:9093

    3. Event Hub Name: rsyslog-logs

    4. TLS: Enabled

    5. Authentication: Enabled

    6. SASL Mechanism: PLAIN

    7. Username: $ConnectionString

    8. Password: Provided in a separate email. It is the full Event Hub connection string (usually starts with Endpoint=sb://...;SharedAccessKeyName=...;SharedAccessKey=...).

  2. Add a Data Route that points to the Data Destination that you created, with the following values:

    1. Route Name: Enter a unique name for the route.

    2. Pipeline: Select a value.

    3. Destination: Select the Destination Name (Output ID) that you created in Step 1.a.
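
The following pre-flight check is an added example, not part of the Illumio or Cribl documentation. It validates the Step 1 values before you save the Destination and redacts the shared access key so that the connection string can be pasted into a ticket. The function names and the sample key are constructed for illustration, and the rule that the Endpoint namespace matches the broker host is an assumption based on how Event Hubs connection strings are normally issued.

```python
import re

# Values taken from the procedure above.
EXPECTED_USERNAME = "$ConnectionString"
KAFKA_PORT = 9093
# Constructed sample; the real string arrives in the separate email.
SAMPLE_PASSWORD = ("Endpoint=sb://arch-eventhub.servicebus.windows.net/;"
                   "SharedAccessKeyName=sample-policy;SharedAccessKey=Q09OU1RSVUNURUQ=")

def parse_connection_string(conn):
    """Split 'Key=Value;Key=Value' pairs; values may themselves contain '='."""
    parts = {}
    for item in filter(None, (p.strip() for p in conn.split(";"))):
        key, sep, value = item.partition("=")
        if not sep or not value:
            raise ValueError(f"malformed segment: {key!r}")
        parts[key] = value
    return parts

def redact(conn):
    """Mask the SharedAccessKey so the string can appear in tickets or logs."""
    return re.sub(r"(SharedAccessKey=)[^;]+", r"\1<redacted>", conn)

def check_destination(brokers, username, password, tls_enabled, sasl_mechanism):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    if not tls_enabled:
        problems.append("TLS is disabled: SASL PLAIN would send the connection string unencrypted")
    if sasl_mechanism != "PLAIN":
        problems.append(f"SASL mechanism is {sasl_mechanism!r}, expected 'PLAIN'")
    if username != EXPECTED_USERNAME:
        problems.append("username must be the literal string $ConnectionString")
    host, _, port = brokers.rpartition(":")
    if port != str(KAFKA_PORT):
        problems.append(f"broker port is {port!r}, expected {KAFKA_PORT}")
    try:
        parts = parse_connection_string(password)
    except ValueError as exc:
        return problems + [f"password is not a connection string ({exc})"]
    for key in ("Endpoint", "SharedAccessKeyName", "SharedAccessKey"):
        if key not in parts:
            problems.append(f"password is missing {key}")
    endpoint = parts.get("Endpoint", "")
    # Assumption: the Endpoint namespace and the broker host are the same name.
    if endpoint and not endpoint.startswith("sb://"):
        problems.append("Endpoint must start with sb://")
    elif endpoint and endpoint[len("sb://"):].rstrip("/").lower() != host.lower():
        problems.append("Endpoint namespace does not match the broker host")
    return problems
```

Because the connection string is the Password field, store it as a secret in Cribl rather than in notes or pipeline samples, and share only the `redact()` output when troubleshooting.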