Device > Server Profiles > HTTP
Select DeviceServer ProfilesHTTP or PanoramaServer ProfilesHTTP to configure a server profile for forwarding logs. You can configure the firewall to forward logs to an HTTP(S) destination, or to integrate with any HTTP-based service that exposes an API, and modify the URL, HTTP header, parameters, and the payload in the HTTP request to meet your needs. You can also use the HTTP server profile to access firewalls running the integrated PAN-OS User-ID agent and register one or more tags to a source or destination IP address on logs that a firewall generated.
To use the HTTP server profile to forward logs:
- See Device > Log Settings for System, Config, User-ID, HIP Match, and Correlation logs.
- See Objects > Log Forwarding for Traffic, Threat, WildFire, URL Filtering, Data Filtering, Tunnel Inspection, Authentication, and GTP logs.
You cannot delete an HTTP server profile if it is used to forward logs. To delete a server profile on the firewall or Panorama, you must delete all references to the profile from the DeviceLog settings or ObjectsLog Forwarding profile.
To define an HTTP server profile, Add a new profile and configure the settings in the following table.
HTTP Server Settings
Enter a name for the server profile (up to 31 characters). The name is case-sensitive and must be unique. A valid name must start with an alphanumeric character and can contain zeroes, alphanumeric characters, underscores, hyphens, dots, or spaces.
Select the scope in which the server profile is available. In the context of a firewall that has more than one virtual system (vsys), select a vsys or select Shared (all virtual systems). In any other context, you can’t select the Location; its value is predefined as Shared (firewalls) or as Panorama. After you save the profile, you can’t change the Location.
Tag registration allows you to add or remove a tag on a source or destination IP address in a log entry and register the IP address and tag mapping to the User-ID agent on a firewall using HTTP(S). You can then define dynamic address groups that use these tags as a filtering criteria to determine its members, and enforce policy rules to an IP address based on tags.
Add the connection details to enable HTTP(S) access to the User-ID agent on a firewall.
To register tags to the User-ID agent on Panorama, you do not need a server profile. Additionally, you cannot use the HTTP server profile to register tags to a User-ID agent running on a Windows server.
Add an HTTP(s) server and enter a name (up to 31 characters) or remote User-ID agent. A valid name must be unique and start with an alphanumeric character; the name can contain zeroes, alphanumeric characters, underscores, hyphens, dots, or spaces.
A server profile can include up to four servers.
Enter the IP address of the HTTP(S) server.
For tag registration, specify the IP address of the firewall configured as a User-ID agent.
Select the protocol: HTTP or HTTPS.
Enter the port number on which to access the server or firewall. The default port for HTTP is 80 and for HTTPS is 443.
For tag registration, the firewall uses HTTP or HTTPS to connect to the web server on the firewalls that are configured as User-ID agents.
Select the HTTP method that the server supports. The options are GET, PUT, POST (default), and DELETE.
For the User-ID agent, use the GET method.
Enter the username that has access privileges to complete the HTTP method you selected.
If you are registering tags to the User-ID agent on a firewall, the username must be that of an administrator with a superuser role.
Enter the password to authenticate to the server or the firewall.
Test Server Connection
Select a server and Test Server Connection to test network connectivity to the server.
This test does not test connectivity to a server that is running the User-ID agent.
Payload Format Tab
The log type available for HTTP forwarding displays. Click the log type to open a dialog box that allows you to specify a custom log format.
Displays whether the log type uses the default format, a predefined format, or a custom payload format that you defined.
Select the format for your service or vendor for sending logs. Predefined formats are pushed through content updates and can change each time you install a new content update on the firewall or Panorama.
Enter a name for the custom log format.
Specify the resource to which you want to send logs using HTTP(S).
If you create a custom format, the URI is the resource endpoint on the HTTP service. The firewall appends the URI to the IP address you defined earlier to construct the URL for the HTTP request. Ensure that the URI and payload format matches the syntax that your third-party vendor requires. You can use any attribute supported on the selected log type within the HTTP Header, Parameter, and Value pairs, and the request payload.
Add a Header and its corresponding value.
Include the optional parameters and values.
Select the log attributes you want to include as the payload in the HTTP message to the external web server.
Send Test Log
Click this button to validate that the external web server receives the request and in the correct payload format.
Forward Logs to an HTTP(S) Destination
Forward Logs to an HTTP(S) Destination The firewall and Panorama can forward logs to an HTTP server. You can choose to forward all logs or ...
Action-Oriented Log Forwarding using HTTP
Action-Oriented Log Forwarding using HTTP To enable better integration between your firewall and IT infrastructure, you can now trigger an action or initiate a workflow ...
Select Log Forwarding Destinations
Select Log Forwarding Destinations Device > Log Settings Use these settings to configure log forwarding to Panorama, SNMP trap receivers, email servers, Syslog servers, and ...
Dynamically Quarantine Infected Guests
Dynamically Quarantine Infected Guests Threat and traffic logs in PAN-OS include the source or destination universally unique identifier (UUID) of guest VMs in your NSX ...
Support for NSX Security Tags on the VM-Series Firewall for...
Support for NSX Security Tags on the VM-Series Firewall for NSX The VM-Series for NSX now supports the tagging of guest VMs with NSX security ...
Panorama > Log Settings
Panorama > Log Settings Use the Log Settings page to forward the following log types to external services: System, Configuration, User-ID, and Correlation logs that ...
Objects > Log Forwarding
Objects > Log Forwarding By default, the logs that the firewall generates reside only in its local storage. However, if you want to use Panorama, ...
Register IP Addresses and Tags Dynamically
Register IP Addresses and Tags Dynamically To mitigate the challenges of scale, lack of flexibility and performance, the architecture in networks today allows for clients, ...
Collector Group Configuration
Collector Group Configuration To configure a Collector Group , click Add and complete the following fields. Collector Group Settings Configured In Description Name Panorama Collector ...