Getting Data In

Palo Alto Networks config logs not showing before and after info

heathramos
Path Finder

We forward all config logs from our Palo Alto Networks firewall directly into Splunk.

I can see that the config logs show up in Splunk, but I don't see any info on the before and after change fields.

When I look at the source within Splunk, that info isn't in it, but it shows in the PAN config logs on the firewall itself.

I want to create a report within Splunk that shows all firewall config changes, including the before and after (kind of pointless without it).

Any idea what is wrong?

Heath
