Use the guides below to configure your Palo Alto Networks next-generation firewall for Micro Focus ArcSight CEF-formatted syslog events collection.
CEF Support
Palo Alto Networks does not provide or support CEF (Common Event Format) configuration guidance for PAN-OS releases after PAN-OS 10.0. OpenText (formerly Micro Focus ArcSight) no longer maintains CEF certification for integrations. While configurations based on PAN-OS 10.0 may still function in later releases, they are unsupported and might not include newer syslog fields, changes, or deprecations. Customers should use standard syslog or other supported logging mechanisms for integrations with newer PAN-OS versions.
PAN-OS 10.0 CEF Configuration Guide
PAN-OS 7.0 CEF Configuration Guide
Also supports CEF log formats for PAN-OS 7.1 releases.
PAN-OS 4.1 CEF Configuration Guide
PAN-OS 9.1 CEF Configuration Guide
PAN-OS 6.1 CEF Configuration Guide
CEF log format support for all PAN-OS 6.1 releases.
PAN-OS 4.0 CEF Configuration Guide
PAN-OS 9.0 CEF Configuration Guide
PAN-OS 6.0 CEF Configuration Guide
PAN-OS 8.0 CEF Configuration Guide
We recommend PAN-OS 8.0.3 (or later) for use with these CEF log formats.
PAN-OS 5.0 CEF Configuration Guide