Obtaining and maintaining updated User-ID mappings from reliable sources is critical to deploying
and enforcing a comprehensive Security policy. To obtain the IP address-to-username
mappings from your existing network services that authenticate users, you can configure
the PAN-OS integrated User-ID agent or Windows-based User-ID agent to parse
Syslog messages from those
authentication services. To ensure that you keep your user mappings up to date, you can
also configure the User-ID agent to parse syslog messages for logout events. This
ensures the firewall automatically deletes outdated mappings. Using syslog senders as
sources for User-ID mappings allows you even more possibilities for deployment
configurations.