We are using Palo Alto Networks Add-on v7.0.4 which is not parsing the pan:firewall logs.
I need the policy created, deleted, modified, user timestamp and other details present in sourcetype pan:firewall.
Can someone please help me parse the pan:firewall logs?
Sample logs:
Sep 24 11:43:50 x.x.x.x <14>Sep 24 11:43:59 hostabc 0x8000000000000000 abcuser Sep 24 2024 07:43:59 GMT Sep 24 2024 07:43:59 GMT Web commit-and-push hostabc 0 0 0 0 0 2024-09-24T11:43:59.000+04:00 x.x.x.x 2024/09/24 11:43:59 Succeeded 10.x.x-h5 7495807083686661735 000710006208 0 2024/09/24 11:43:59 0 CONFIG 0
Sep 12 16:45:56 x.x.x.x <14>Sep 12 16:45:56 hostabc 0x8000000000000000 abcuser test_GP_IP { ip-netmask x.x.x.x/32; } test_GP_IP { ip-netmask x.x.x.x/32; } Sep 12 2024 12:45:56 GMT Sep 12 2024 12:45:56 GMT Web edit hostabc 0 0 0 0 40 2024-09-12T16:45:56.000+04:00 x.x.x.x device-group hostabc address test_GP_IP 2024/09/12 16:45:56 Succeeded 10.x.x-h5 7495807083686661076 000710006208 0 2024/09/12 16:45:56 0 CONFIG 0
Sep 30 19:44:20 x.x.x.x <14>Sep 30 19:44:36 hostabc 0x8000000000000000 abcuser Sep 30 2024 15:44:36 GMT Sep 30 2024 15:44:36 GMT Web commit hostabc 0 0 0 0 0 2024-09-30T19:44:36.000+04:00 x.x.x.x 2024/09/30 19:44:36 Submitted 10.x.x-h5 7495807083686661936 000710006208 0 2024/09/30 19:44:36 0 CONFIG 0
Sep 30 19:42:21 x.x.x.x <14>Sep 30 19:42:37 hostabc 0x8000000000000000 abcuser x.x.x.x { ip-netmask x.x.x.x/32; } Sep 30 2024 15:42:37 GMT Sep 30 2024 15:42:37 GMT Web set hostabc 0 0 0 0 40 2024-09-30T19:42:37.000+04:00 x.x.x.x config devices entry device-group hostabc address x.x.x.x 2024/09/30 19:42:37 Succeeded 10.x.x-h5 7495807083686661934 000710006208 0 2024/09/30 19:42:37 0 CONFIG 0