The internal audit team has requested that additional information be included in the traffic logs forwarded from the Palo Alto Networks firewall to the internal syslog server.
Where can the firewall engineer define the data to be added to each forwarded log?
Correct answer: A
To facilitate the integration with external log parsing systems, the firewall allows you to customize the log format; it also allows you to add custom Key: Value attribute pairs. Custom message formats can be configured under Device > Server Profiles > Syslog > Syslog Server Profile > Custom Log Format. https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/custom-logevent-format
Step-by-Step Explanation:
* Understanding Log Forwarding in PAN-OS:
  * Palo Alto Networks firewalls allow forwarding logs to external systems such as syslog servers, SNMP servers, or email systems for external analysis or compliance.
  * Traffic logs can be customized to include additional information that meets audit or operational requirements.
* Syslog Server Profiles:
  * Syslog Server Profiles specify the format and destination of the log data sent to the syslog server.
  * These profiles allow customization through the Custom Log Format option, where the firewall engineer can add or modify log fields (e.g., source address, destination address, URL category).
* Custom Log Format:
  * Navigate to Device > Server Profiles > Syslog.
  * Within the Syslog Server Profile, define a Custom Log Format for traffic logs.
  * Using this feature, the engineer can include additional fields requested by the internal audit team, such as threat severity, application details, or user ID.
* Field Specification:
  * In the Custom Log Format, fields are defined using variables corresponding to the log fields in PAN-OS.
  * Example: $receive_time,$src,$dst,$app,$action,$rule
  * The engineer can include specific details as requested by the audit team.
* Comparison of Other Options:
  * Option B: Built-in Actions within Objects > Log Forwarding Profile
    * Log Forwarding Profiles specify which logs are forwarded based on security policy matches. However, they do not control the format of logs.
    * Log Forwarding Profiles define actions (e.g., forwarding to syslog, SNMP), but customization of log data happens within Syslog Server Profiles.
  * Option C: Logging and Reporting Settings within Device > Setup > Management
    * These settings control general logging behavior but do not allow customization of log data for syslog forwarding.
  * Option D: Data Patterns within Objects > Custom Objects
    * Data Patterns are used for identifying sensitive data or patterns in data filtering. They are unrelated to log customization.
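How a collector on the receiving side might consume the Custom Log Format shown above, as an added Python example (not Palo Alto Networks code or output): it maps each forwarded line onto the template's variables, rejects lines whose field count does not match the template, and picks out denied sessions. The template, the syslog header shape and the sample lines are constructed for illustration.

```python
import re

# Constructed template: the Custom Log Format variables quoted in the explanation above.
TRAFFIC_FORMAT = "$receive_time,$src,$dst,$app,$action,$rule"

# Strips a syslog header such as "<14>Jan 15 10:22:33 fw01 " ahead of the custom body.
SYSLOG_HEADER = re.compile(r"^<\d+>\w{3}\s+\d+\s+\d\d:\d\d:\d\d\s+\S+\s+")

# Constructed sample lines, as a collector would receive them (not real firewall output).
SAMPLE_LINES = [
    "<14>Jan 15 10:22:33 fw01 2024/01/15 10:22:31,10.0.0.5,198.51.100.20,web-browsing,allow,Allow-Web",
    "<14>Jan 15 10:22:34 fw01 2024/01/15 10:22:32,10.0.0.9,203.0.113.7,ssh,deny,Block-Outbound-SSH",
]


def template_fields(template):
    """Return the variable names of a Custom Log Format template, without the '$'."""
    return re.findall(r"\$(\w+)", template)


def parse_custom_log(line, template=TRAFFIC_FORMAT):
    """Map one forwarded line onto the template's variables.

    The field count is checked strictly: a mismatch usually means the
    firewall profile and the collector's template have drifted apart,
    which would otherwise silently shift every column.
    """
    names = template_fields(template)
    body = SYSLOG_HEADER.sub("", line.rstrip("\r\n"), count=1)
    values = body.split(",")
    if len(values) != len(names):
        raise ValueError(f"expected {len(names)} fields, got {len(values)}: {body!r}")
    return dict(zip(names, values))


def denied_sessions(lines, template=TRAFFIC_FORMAT):
    """Return (src, dst, rule) for every entry whose $action is not 'allow'."""
    hits = []
    for line in lines:
        entry = parse_custom_log(line, template)
        if entry["action"] != "allow":
            hits.append((entry["src"], entry["dst"], entry["rule"]))
    return hits


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_custom_log(line))
    print(denied_sessions(SAMPLE_LINES))
```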
Why A Is Correct:
* The Custom Log Format under Device > Server Profiles > Syslog is the only place where additional information can be defined and added to forwarded traffic logs.
* This flexibility allows the firewall engineer to meet specific compliance or audit requirements.
Documentation Reference:
* PCNSA Study Guide: Logging and Monitoring section discusses Syslog Server Profiles and log forwarding configurations.
* PAN-OS Admin Guide: Covers Custom Log Format configuration under the Syslog Server Profile.