Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Palo Alto Networks

    Use the JSA DSM for Palo Alto PA Series to collect events from Palo Alto PA Series devices.

    The following table identifies the specifications for the Palo Alto PA Series DSM:

    Table 1: DSM Specifications for Palo Alto PA Series

    Specification

    Value

    Manufacturer

    Palo Alto Networks

    DSM name

    Palo Alto PA Series

    RPM file name

    DSM-PaloAltoPaSeries-JSA_version-build_number.noarch.rpm

    Supported versions

    PAN-OS v3.0 to v7.1

    Event format

    Syslog

    LEEF

    CEF for PAN-OS v4.0 to v6.1

    JSA recorded event types

    Traffic

    Threat

    Config

    System

    HIP Match

    Automatically discovered?

    Yes

    Includes identity?

    Yes

    Includes custom properties?

    No

    More information

    Palo Alto Networks website (http://www.paloaltonetworks.com)

    To send events from Palo Alto PA Series to JSA, complete the following steps:

    1. If automatic updates are not enabled, download the most recent version of the Palo Alto PA Series DSM RPM.

    2. Configure your Palo Alto PA Series device to communicate with JSA. You must create a syslog destination and forwarding policy on the Palo Alto PA Series device.

    3. If JSA does not automatically detect Palo Alto PA Series as a log source, create a Palo Alto PA Series log source on the JSA console. Use the following Palo Alto values to configure the log source parameters:

      Parameter

      Description

      Log Source Identifier

      The IP address or host name of the Palo Alto PA Series device.

      Log Source Type

      Palo Alto PA Series

      Protocol Configuration

      Syslog

    Modified: 2017-05-18