An internal audit team has requested additional information to be included inside traffic logs forwarded from Palo Alto Networks firewalls to an internal syslog server.
Where can the firewall engineer define the data to be added into each forwarded log?
The correct answer is 'Custom Log Format within Device > Server Profiles > Syslog.' This is because the firewall allows customization of log formats to integrate with external systems and add custom data fields to the logs. This customization is done through the Syslog Server Profile, where additional fields or custom formats can be defined for the logs forwarded to the syslog server.
I think the answer should be A. This is where you can add more data fields to logs.
correct. Anser is A. tested in lab
Totally agreement!
It's A, in Syslog profile you can modify Facility
To facilitate the integration with external log parsing systems, the firewall allows you to customize the log format; it also allows you to add custom Key: Value attribute pairs. Custom message formats can be configured under DeviceServer ProfilesSyslogSyslog Server ProfileCustom Log Format. https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/custom-logevent-format
B..Create new traffic log profile within the log forwarding profile. A not correct....this will make changes to the syslog server info.