In PAN-OS, you can forward GlobalProtect logs
to an external service such as a syslog receiver or ticketing system.
In cases where some teams in your organization can achieve greater efficiency
by monitoring only the GlobalProtect logs that are relevant to their
operations, you can create forwarding filters based on GlobalProtect
log attributes. For example, you can filter by:
- GlobalProtect authentication events generated by GlobalProtect (type eq globalprotect)
- GlobalProtect authentication events generated by the authentication service (type eq auth) remain in .
- All other GlobalProtect events (non-authentication)
Palo Alto Networks firewalls
forward GlobalProtect logs using the following format. To facilitate
parsing, the delimiter is a comma: each field is a comma-separated
value (CSV) string.
Format: domain, receive_time, serial,
seqno, actionflags, type, subtype, config_ver, time_generated, vsys,
eventid, stage, auth_method, tunnel_type, srcuser, srcregion, machinename,
public_ip, public_ipv6, private_ip, private_ipv6, hostid, serialnumber,
client_ver, client_os, client_os_ver, repeatcnt, reason, error,
opaque, status, location, login_duration, connect_method, error_code,
portal
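
The following is an added example, not code from Palo Alto Networks: a receiver-side parser that maps each forwarded CSV payload onto the field names listed above, rejects lines with the wrong field count, and counts failed events per `public_ip` for one log type. It assumes the syslog header has already been stripped and that a failed event carries the status value `failure`; the helper `make_line` and all sample values are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Field order exactly as listed in the format above (36 fields).
FIELDS = ("domain receive_time serial seqno actionflags type subtype config_ver "
          "time_generated vsys eventid stage auth_method tunnel_type srcuser "
          "srcregion machinename public_ip public_ipv6 private_ip private_ipv6 "
          "hostid serialnumber client_ver client_os client_os_ver repeatcnt "
          "reason error opaque status location login_duration connect_method "
          "error_code portal").split()

def parse_line(payload):
    """Map one CSV payload (syslog header already removed) to a field dict."""
    row = next(csv.reader([payload]))  # csv handles quoted values containing commas
    if len(row) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(row)}")
    return dict(zip(FIELDS, row))

def failures_by_ip(payloads, log_type="globalprotect"):
    """Count failed events per public_ip for one log type; return (counts, rejected)."""
    counts, rejected = Counter(), 0
    for payload in payloads:
        try:
            rec = parse_line(payload)
        except (ValueError, StopIteration, csv.Error):
            rejected += 1  # truncated or malformed line: count it, do not guess
            continue
        # Assumption: a failed event carries the status value "failure".
        if rec["type"].lower() == log_type and rec["status"].lower() == "failure":
            counts[rec["public_ip"]] += 1
    return counts, rejected

def make_line(**values):
    """Hypothetical helper: build a constructed payload; unset fields stay empty."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="").writerow([values.get(f, "") for f in FIELDS])
    return buf.getvalue()

# Constructed sample data (documentation IP ranges, made-up users).
SAMPLES = [
    make_line(type="globalprotect", srcuser="alice", public_ip="203.0.113.7",
              status="failure", error="Invalid username, or password"),
    make_line(type="globalprotect", srcuser="bob", public_ip="203.0.113.7", status="failure"),
    make_line(type="globalprotect", srcuser="carol", public_ip="198.51.100.4", status="success"),
    make_line(type="auth", srcuser="dave", public_ip="203.0.113.7", status="failure"),
    "1,2024/01/01 00:00:00,truncated",  # malformed: too few fields
]

if __name__ == "__main__":
    print(failures_by_ip(SAMPLES))
```

Tracking the rejected count matters on the receiver: a rising number of malformed lines usually means truncation in transit or a format change, either of which silently blinds a filter that assumes fixed field positions.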