>
    Create Log Filters
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Strata Logging Service Administration
    4. Forward Logs from Strata Logging Service
    5. Create Log Filters
    Download PDF
    Strata Logging Service

    Create Log Filters

    Table of Contents

    Create Log Filters

    Specify the logs that you want to forward based on log type and attributes.
    Where Can I Use This?What Do I Need?
    One of these:
    When you’re first setting up log forwarding to an external destination server, you must specify which logs to forward by using log filters. Log filters use the same query language as Explore to enable you to finely select which logs Strata Logging Service will forward to the destination of your choice. Set the log columns you want to send through those log types in log filters. You can also edit the log filters for an existing running log forwarding profile to add or remove the log columns you want to forward for the log type.
    1. Start creating a forwarding profile.
    2. Under Filters, select Add.
    3. Select a log type.
    4. Enter a query that describes the log fields you want to forward, or select one of the predefined filters.
      1. You can either write your own queries from scratch or use the Query Builder. You can also select the query field to choose from among a set of common predefined queries.
        Log filters function like queries in Explore, with the following differences:
        • No double quotes (“”).
        • No subnet masks. To return IP addresses with subnets, use the LIKE operator. Example: src_ip.value LIKE “192.1.1.%”.
        If you want to forward all logs of the type you selected, do not enter a query.
      Learn more about queries and using the query builder to help you write them.
      A green check mark indicates that the query is valid, and pressing enter or clicking the arrow should generate results that match the query. A red X means that the query is invalid and you will be unable to submit it.
    5. (Optional) Customize how the field columns appear.
      • Hover over any column header and select the hamburger icon to choose the columns that you want to forward through the selected log type to the external destination.
        The data for the selected columns is forwarded to the destination server. You can also edit the filter for an existing running log forwarding profile to add or remove columns you want to forward. After making edits, save the filter and the log forwarding profile for the changes to reflect in the log forwarding message.
      • Change column order by clicking anywhere on a column header and dragging to the left or right.
        Rearranging columns changes the order of the fields in the Syslog message of the logs forwarded through the filter. For example, if you move RULE to the left of APPLICATION, the Rule field will appear before the Application field in the Syslog message.
      • Change column width by clicking in between column headers and dragging to the left or right.
    6. Save your filter.

    © 2024 Palo Alto Networks, Inc. All rights reserved.