Onboard the Palo Alto Networks Connector with the Log Exporter
To ingest Palo Alto Networks firewall logs, you must first onboard the Palo Alto Networks Connector using the Log Exporter.
Important
Do not add the API Connector until after you have successfully onboarded the Palo Alto Networks integration using the Log Exporter.
Navigate to Settings > Connectors and click + Add on the Palo Alto Networks Connector tile.
On the Palo Alto Networks Connector page, click + Add Log Exporter.
On the Add Log Exporter page, under Download Certificates, click Download to download the signed certificate and root certificate from Illumio.
Within Panorama, select Certificate Management > Certificates from the left navigation pane, and then click Import in the banner at the bottom of the page.
To upload the certificate to Palo Alto Networks Panorama: Import Certificate and Private Key.
In the Import Certificate dialog box, enter the certificate name, select the certificate file to upload, and click OK.
Under Syslog Configuration, enter the target name in the Target Name field. This value is used to describe your connection and it does not affect your configuration.
Note
The other values under Syslog Configuration are prepopulated.
Under Copy CEF Traffic Log Format, click the copy icon to copy the CEF format. You must paste this into Palo Alto Networks Panorama: Format Syslog Messages in Common Event Format (CEF).
Click Save.
The Log Exporter Added status message displays and the Log Exporter appears as Active in the Log Exporter table.
Note
You can add multiple log exporters.