Skip to main content

Integrations

Onboard the Palo Alto Networks Connector with the Log Exporter

To ingest Palo Alto Networks firewall logs, you must first onboard the Palo Alto Networks Connector using the Log Exporter.

Important

Do not add the API Connector until after you have successfully onboarded the Palo Alto Networks integration using the Log Exporter.

  1. Navigate to the Connectors page and click + Add on the Palo Alto Networks Connector tile.

  2. On the Palo Alto Networks Connector page, click + Add Log Exporter.

  3. On the Add Log Exporter page, under Download Certificates, click Download to download the signed certificate and root certificate from Illumio.

  4. Within Panorama, select Certificate Management > Certificates from the left navigation pane, and then click Import in the banner at the bottom of the page.

  5. In the Import Certificate dialog box, enter the certificate name, select the certificate file to upload, and click OK.

  6. Under Syslog Configuration, enter the target name in the Target Name field. This value is used to describe your connection and it does not affect your configuration.

    Note

    The other values under Syslog Configuration are prepopulated.

  7. Under Copy CEF Traffic Log Format, click the copy icon to copy the CEF format. You must paste this into Palo Alto Networks Panorama: Format Syslog Messages in Common Event Format (CEF).

  8. Click Save.

    The Log Exporter Added status message displays and the Log Exporter appears as Active in the Log Exporter table.

Add Multiple Log Exporters

You can add multiple log exporters. This can be useful when you have multiple firewalls because a firewall can only be managed by one Panorama instance at a time, but organizations often use multiple Panorama instances for different groups of firewalls. It is usually done for scalability, to separate different regions or business units, to meet compliance requirements, or during migrations or mergers. Using multiple Panorama instances provides better management isolation, performance, and operational flexiblity.

Edit the Log Exporter

To edit Log Exporter information, on the Log Exporter page, click the edit icon at the end of the row for the Log Exporter whose information you want to edit.