Forward Logs to an HTTP/S Destination

Create an HTTP server profile to forward logs to an HTTP/S destination from cloud management.
Contact your account team to enable Cloud Management for NGFWs using Strata Cloud Manager.
Where Can I Use This?
  • NGFW (Managed by Strata Cloud Manager)
  • VM-Series, funded with Software NGFW Credits
What Do I Need?
  • AIOps for NGFW Premium license (use the Strata Cloud Manager app)
Create an HTTP/S server profile to forward all logs or specific logs to trigger an action on an external HTTP-based service when an event occurs. When forwarding logs to an HTTP server, configure the firewall to send an HTTP-based API request directly to a third-party service to trigger an action that is based on the attributes in a firewall log. You can configure the firewall to work with any HTTP-based service that exposes an API, and you can modify the URL, HTTP header, parameters, and the payload in the HTTP request to meet your integration needs.
  1. Log in to cloud management.
  2. Select Manage > Configuration > NGFW and Prisma Access > Objects > Log Forwarding > HTTPS Server Profile and select the Configuration Scope where you want to create the HTTP/S server profile.
    You can select a folder or firewall from your Folders or select Snippets to configure the HTTP/S server profile in a snippet.
  3. Add HTTP.
  4. Enter a descriptive Name.
  5. (Optional) Enable Tag Registration to add or remove a tag on a source or destination IP address in a log entry and register the IP address and tag mapping to the User-ID agent on the firewall using HTTP/S.
    You can then define Dynamic Address Groups that use these tags as filtering criteria to determine their members, and enforce policy rules on an IP address based on tags. To register tags to the User-ID agent on Panorama, you don’t need a server profile. Additionally, you can’t use the HTTP server profile to register tags to a User-ID agent running on a Windows server.
  6. Add and configure the HTTP/S server profile to forward logs to an HTTP/S destination.
    1. Enter a Name for the HTTP/S destination.
    2. Enter the HTTP/S destination IP Address.
    3. Select the Protocol.
      You can select HTTP or HTTPS.
    4. Select the Port number the HTTP/S destination listens on.
      Default for HTTP is 80. Default for HTTPS is 443.
    5. Select the supported TLS Version.
      You can select 1.0, 1.1, or 1.2. HTTP has no default TLS Version. HTTPS default TLS Version is 1.2.
    6. Select the Certificate Profile to use for the TLS connection with the HTTP/S destination.
    7. Select the HTTP Method that the third-party service supports.
      You can select DELETE, GET, POST, or PUT. Default is POST.
    8. (Optional) Enter the Username and Password for authentication to the HTTP/S destination, if needed.
  7. (Optional) Select the Payload Format for the HTTP/S request.
    1. Select the Log Type link for each log type for which you want to define the HTTP/S request format.
    2. Select the Pre-defined Formats or create a custom format.
      If you create a custom format, the URI is the resource endpoint on the HTTP/S service. The firewall appends the URI to the IP address you defined earlier to construct the URL for the HTTP/S request. Ensure that the URI and payload format match the syntax that your third-party vendor requires. You can use any attribute supported on the selected log type within the HTTP Header, the Parameter and Value pairs, and in the request payload.
  8. Configure log forwarding to the HTTP/S destination.
    1. Select Manage > Configuration > NGFW and Prisma Access > Objects > Log Forwarding > Log Forwarding Profile and select the Configuration Scope where you want to create the Log Forwarding profile.
      You can select a folder or firewall from your Folders or select Snippets to configure the Log Forwarding profile in a snippet.
    2. Add Log Forwarding Profile.
    3. Enter a descriptive Name.
    4. Add the profile match list for the Log Forwarding profile.
      A match list profile specifies the log query filter, forwarding destinations, and automatic actions to take. Multiple profile match lists can be added to the same Log Forwarding profile to allow you to add different profile match lists for different log types in the same Log Forwarding profile.
      1. Enter a descriptive Name.
      2. Select the Log Type.
        Only one log type can be added per profile match list.
      3. (Optional) Configure the log query Filter. Default is All Logs.
      4. Add the HTTP Server Profile you created in the previous step.
      5. Save.
      6. Repeat this step for all the log types you want to forward to your HTTP/S destination.
    5. Save.
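
The destination side of the request this profile produces, as an added example (not Palo Alto Networks code): it accepts a forwarded log only when the URI, HTTP Method, credentials and payload match what was entered in the profile. It assumes the destination checks the Username and Password as HTTP Basic authentication and that the custom payload format is JSON; the URI, credentials and JSON keys are placeholders.

```python
import base64
import hmac
import json

# Assumed placeholders: use the URI, HTTP Method, Username/Password and
# payload attributes you actually configured in the HTTP/S server profile.
EXPECTED_URI = "/fw-logs"
EXPECTED_METHOD = "POST"  # the profile's default HTTP Method
USERNAME, PASSWORD = "fw-forwarder", "example-password"
REQUIRED_KEYS = {"log_type", "src", "dst"}  # constructed custom-format keys


def check_basic_auth(header_value):
    """Validate an 'Authorization: Basic ...' header in constant time."""
    if not header_value or not header_value.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(header_value[6:], validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return False
    user, sep, password = decoded.partition(":")
    if not sep:
        return False
    # Evaluate both comparisons so timing does not reveal which field failed.
    user_ok = hmac.compare_digest(user.encode(), USERNAME.encode())
    pass_ok = hmac.compare_digest(password.encode(), PASSWORD.encode())
    return user_ok and pass_ok


def handle_log_request(method, path, headers, body):
    """Return (status, record); record is None unless the log is accepted."""
    if path != EXPECTED_URI:
        return 404, None
    if method != EXPECTED_METHOD:
        return 405, None
    if not check_basic_auth(headers.get("Authorization")):
        return 401, None
    try:
        record = json.loads(body)
    except ValueError:  # malformed JSON or undecodable bytes
        return 400, None
    # A payload missing expected attributes usually means the custom
    # format in the profile does not match what the service expects.
    if not isinstance(record, dict) or not REQUIRED_KEYS <= record.keys():
        return 422, None
    return 200, record
```

Call `handle_log_request` from your web framework's request handler, served over HTTPS so the Basic credentials are not sent in cleartext.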