Select Device > Server Profiles > HTTP to configure a server profile for forwarding logs. You can configure the firewall to forward logs to an HTTP(S) destination, or to integrate with any HTTP-based service that exposes an API, and modify the URL, HTTP header, parameters, and the payload in the HTTP request to meet your needs. You can also use the HTTP server profile to access firewalls running the PAN-OS integrated User-ID agent and register one or more tags to a source or destination IP address on logs that a firewall generated.
To use the HTTP server profile to forward logs:
You cannot delete an HTTP server profile if it is used to forward logs. To delete a server profile on the firewall or Panorama, you must delete all references to the profile from the
To define an HTTP server profile, Add a new profile and configure the settings in the following table.
HTTP Server Settings
Enter a name for the server profile (up to 31 characters). The name is case-sensitive and must be unique. A valid name must start with an alphanumeric character and can contain zeros, alphanumeric characters, underscores, hyphens, dots, or spaces.
Select the scope in which the server profile is available. In the context of a firewall that has more than one virtual system (vsys), select a vsys or select Shared (all virtual systems). In any other context, you can’t select the Location; its value is predefined as Shared (firewalls) or as Panorama. After you save the profile, you can’t change the
Tag registration allows you to add or remove a tag on a source or destination IP address in a log entry and register the IP address and tag mapping to the User-ID agent on a firewall using HTTP(S). You can then define dynamic address groups that use these tags as filtering criteria to determine their members, and enforce policy rules on an IP address based on tags.
Add the connection details to enable HTTP(S) access to the User-ID agent on a firewall.
To register tags to the User-ID agent on Panorama, you do not need a server profile. Additionally, you cannot use the HTTP server profile to register tags to a User-ID agent running on a Windows server.
Add an HTTP(S) server and enter a name (up to 31 characters) or remote User-ID agent. A valid name must be unique and start with an alphanumeric character; the name can contain zeros, alphanumeric characters, underscores, hyphens, dots, or spaces.
A server profile can include up to four servers.
Enter the IP address of the HTTP(S) server.
For tag registration, specify the IP address of the firewall configured as a User-ID agent.
Select the protocol: HTTP or HTTPS.
Enter the port number on which to access the server or firewall. The default port for HTTP is 80 and for HTTPS is 443.
For tag registration, the firewall uses HTTP or HTTPS to connect to the web server on the firewalls that are configured as User-ID agents.
Select the TLS version supported for SSL on the server. The default is
Select the certificate profile to use for the TLS connection with the server.
The firewall uses the specified certificate profile to validate the server certificate when establishing a secure connection to the server.
Select the HTTP method that the server supports. The options are GET, PUT, POST (default), and DELETE.
For the User-ID agent, use the GET method.
Enter the username that has access privileges to complete the HTTP method you selected.
If you are registering tags to the User-ID agent on a firewall, the username must be that of an administrator with a superuser role.
Enter the password to authenticate to the server or the firewall.
Test Server Connection
Select a server and Test Server Connection to test network connectivity to the server.
This test does not test connectivity to a server that is running the User-ID agent.
Payload Format Tab
The log type available for HTTP forwarding displays. Click the log type to open a dialog box that allows you to specify a custom log format.
Displays whether the log type uses the default format, a predefined format, or a custom payload format that you defined.
Select the format for your service or vendor for sending logs. Predefined formats are pushed through content updates and can change each time you install a new content update on the firewall or Panorama.
Enter a name for the custom log format.
Specify the resource to which you want to send logs using HTTP(S).
If you create a custom format, the URI is the resource endpoint on the HTTP service. The firewall appends the URI to the IP address you defined earlier to construct the URL for the HTTP request. Ensure that the URI and payload format match the syntax that your third-party vendor requires. You can use any attribute supported on the selected log type within the HTTP Header, Parameter, and Value pairs, and the request payload.
Add a Header and its corresponding value.
Include the optional parameters and values.
Select the log attributes you want to include as the payload in the HTTP message to the external web server.
Send Test Log
Click this button to validate that the external web server receives the request and that the request is in the correct payload format.
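As an added example (not part of the PAN-OS documentation or product), the following Python sketch checks a planned server profile against the limits stated on this page (name rules, four-server maximum, protocol, HTTP methods, GET for the User-ID agent) and builds the request URL from the server entry and the payload format's URI. The dictionary layout, the field names, and the check for credentials sent over plain HTTP are assumptions made for illustration.

```python
import re

# Name rule from the page: up to 31 chars, first alphanumeric, then alnum _ - . space.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_\-. ]{0,30}")
METHODS = {"GET", "PUT", "POST", "DELETE"}
DEFAULT_PORT = {"HTTP": 80, "HTTPS": 443}

def lint_profile(profile):
    """Return findings for a profile dict (hypothetical layout, not PAN-OS XML)."""
    findings, seen = [], set()
    if not NAME_RE.fullmatch(profile.get("name", "")):
        findings.append("profile: invalid name")
    servers = profile.get("servers", [])
    if len(servers) > 4:
        findings.append("profile: more than four servers")
    for s in servers:
        n, method = s.get("name", ""), s.get("method", "POST")
        if not NAME_RE.fullmatch(n) or n in seen:
            findings.append(f"{n!r}: invalid or duplicate server name")
        seen.add(n)
        if s.get("protocol") not in DEFAULT_PORT:
            findings.append(f"{n!r}: protocol must be HTTP or HTTPS")
        if method not in METHODS:
            findings.append(f"{n!r}: unsupported HTTP method")
        if profile.get("tag_registration") and method != "GET":
            findings.append(f"{n!r}: User-ID agent requires GET")
        if s.get("protocol") == "HTTP" and s.get("username"):
            findings.append(f"{n!r}: credentials sent over cleartext HTTP")
    return findings

def request_url(server, uri):
    """Protocol, address and port from the server entry, then the format's URI."""
    proto = server["protocol"]
    port = server.get("port", DEFAULT_PORT[proto])
    return f"{proto.lower()}://{server['address']}:{port}/{uri.lstrip('/')}"

# Constructed sample profile; addresses are documentation-range placeholders.
SAMPLE = {
    "name": "siem-forwarding",
    "servers": [
        {"name": "collector-1", "address": "192.0.2.10", "protocol": "HTTPS",
         "method": "POST", "username": "logwriter"},
        {"name": "-legacy", "address": "192.0.2.11", "protocol": "HTTP",
         "port": 8080, "method": "PATCH", "username": "logwriter"},
    ],
}

if __name__ == "__main__":
    print(*lint_profile(SAMPLE), request_url(SAMPLE["servers"][0], "/api/logs"), sep="\n")
```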