Device > Server Profiles > HTTP
Select DeviceServer ProfilesHTTP or PanoramaServer ProfilesHTTP to configure a server
profile for forwarding logs. You can configure the firewall to forward
logs to an HTTP(S) destination, or to integrate with any HTTP-based service
that exposes an API, and modify the URL, HTTP header, parameters, and
the payload in the HTTP request to meet your needs. You can also
use the HTTP server profile to access firewalls running the integrated
PAN-OS User-ID agent and register one or more tags to a source or
destination IP address on logs that a firewall generated.
To use the HTTP server profile to forward logs:
- See Device > Log Settings for System, Config, User-ID, HIP Match, and Correlation logs.
- See Objects > Log Forwarding for Traffic, Threat, WildFire, URL Filtering, Data Filtering, Tunnel Inspection, Authentication, and GTP logs.
You
cannot delete an HTTP server profile if it is used to forward logs.
To delete a server profile on the firewall or Panorama, you must
delete all references to the profile from the DeviceLog settings or ObjectsLog Forwarding profile.
To define an HTTP server profile, Add a
new profile and configure the settings in the following table.
HTTP Server Settings | Description |
|---|---|
Name | Enter a name for the server profile (up
to 31 characters). The name is case-sensitive and must be unique.
A valid name must start with an alphanumeric character and can contain
zeroes, alphanumeric characters, underscores, hyphens, dots, or spaces. |
Location | Select the scope in which the server profile
is available. In the context of a firewall that has more than one
virtual system (vsys), select a vsys or select Shared (all
virtual systems). In any other context, you can’t select the Location;
its value is predefined as Shared (firewalls) or as Panorama.
After you save the profile, you can’t change the Location. |
Tag Registration | Tag registration allows you to add or remove
a tag on a source or destination IP address in a log entry and register
the IP address and tag mapping to the User-ID agent on a firewall
using HTTP(S). You can then define dynamic address groups that use these
tags as a filtering criteria to determine its members, and enforce
policy rules to an IP address based on tags. Add the
connection details to enable HTTP(S) access to the User-ID agent
on a firewall. To register tags to the User-ID agent on Panorama,
you do not need a server profile. Additionally, you cannot use the
HTTP server profile to register tags to a User-ID agent running
on a Windows server. |
Servers Tab | |
Name | Add an HTTP(s) server and
enter a name (up to 31 characters) or remote User-ID agent. A valid
name must be unique and start with an alphanumeric character; the
name can contain zeroes, alphanumeric characters, underscores, hyphens,
dots, or spaces. A server profile can include up to four servers. |
Address | Enter the IP address of the HTTP(S) server. For
tag registration, specify the IP address of the firewall configured
as a User-ID agent. |
Protocol | Select the protocol: HTTP or HTTPS. |
Port | Enter the port number on which to access
the server or firewall. The default port for HTTP is 80 and for
HTTPS is 443. For tag registration, the firewall uses HTTP
or HTTPS to connect to the web server on the firewalls that are
configured as User-ID agents. |
HTTP Method | Select the HTTP method that the server supports.
The options are GET, PUT, POST (default), and DELETE. For
the User-ID agent, use the GET method. |
Username | Enter the username that has access privileges
to complete the HTTP method you selected. If you are registering
tags to the User-ID agent on a firewall, the username must be that
of an administrator with a superuser role. |
Password | Enter the password to authenticate to the
server or the firewall. |
Test Server Connection | Select a server and Test Server Connection to
test network connectivity to the server. This test does not
test connectivity to a server that is running the User-ID agent. |
Payload Format Tab | |
Log Type | The log type available for HTTP forwarding
displays. Click the log type to open a dialog box that allows you
to specify a custom log format. |
Format | Displays whether the log type uses the default
format, a predefined format, or a custom payload format that you defined. |
Pre-defined Formats | Select the format for your service or vendor
for sending logs. Predefined formats are pushed through content
updates and can change each time you install a new content update
on the firewall or Panorama. |
Name | Enter a name for the custom log format. |
URI Format | Specify the resource to which you want to
send logs using HTTP(S). If you create a custom format, the URI is
the resource endpoint on the HTTP service. The firewall appends
the URI to the IP address you defined earlier to construct the URL
for the HTTP request. Ensure that the URI and payload format matches
the syntax that your third-party vendor requires. You can use any
attribute supported on the selected log type within the HTTP Header, Parameter,
and Value pairs, and the request payload. |
HTTP Headers | Add a Header and its corresponding value. |
Parameters | Include the optional parameters and values. |
Payload | Select the log attributes you want to include
as the payload in the HTTP message to the external web server. |
Send Test Log | Click this button to validate that the external
web server receives the request and in the correct payload format. |
Related Documentation
Forward Logs to an HTTP(S) Destination
Forward Logs to an HTTP(S) Destination The firewall and Panorama can forward logs to an HTTP server. You can choose to forward all logs or ...
Dynamically Quarantine Infected Guests
Dynamically Quarantine Infected Guests Threat and traffic logs in PAN-OS include the source or destination universally unique identifier (UUID) of guest VMs in your NSX ...
Select Log Forwarding Destinations
Select Log Forwarding Destinations Device Log Settings The Log Settings page allows you to configure log forwarding to: Panorama, SNMP trap receivers, email servers, Syslog ...
Panorama > Log Settings
Panorama > Log Settings Use the Log Settings page to forward the following log types to external services: System, Configuration, User-ID, and Correlation logs that ...
Objects > Log Forwarding
Objects > Log Forwarding By default, the logs that the firewall generates reside only in its local storage. However, you can use Panorama™, the Logging ...
Register IP Addresses and Tags Dynamically
Register IP Addresses and Tags Dynamically To mitigate the challenges of scale, lack of flexibility and performance, the architecture in networks today allows for virtual ...
Collector Group Configuration
Collector Group Configuration To configure a Collector Group , click Add and complete the following fields. Collector Group Settings Configured In Description Name Panorama Collector ...
Configure Log Forwarding
Configure Log Forwarding In an environment where you use multiple firewalls to control and analyze network traffic, any single firewall can display logs and reports ...