Message format parsed by panos-parser()

This section illustrates the most commonly used PAN-OS log format on the AxoSyslog side.

For information about customizing log format on the PAN-OS side, see the relevant section of the PAN-OS^® Administrator’s Guide.

Message format and log format

Using the panos-parser(), the parsed messages in AxoSyslog have the following general format:

   <PRI><TIMESTAMP> <HOST> <PALO-ALTO-fields-in-CSV-format>

There are several “types” of log formats in Palo Alto Networks PAN-OS. For example, the most commonly used SYSTEM type has the following message format on the AxoSyslog side after parsing:

   <12>Apr 14 16:48:54 paloalto.test.net 1,2020/04/14 16:48:54,unknown,SYSTEM,auth,0,2020/04/14 16:48:54,,auth-fail,,0,0,general,medium,failed authentication for user 'admin'. Reason: Invalid username/password. From: 10.0.10.55.,1718,0x0,0,0,0,0,,paloalto

Last modified July 2, 2023: Change highlight mode of code examples (2f8a959)