Filebeat extract_array for panw module for config and system logs

gadelkareem · June 24, 2020, 2:59pm

Are there any examples of extract_array for palo alto firewalls for config and system logs?

Kaiyan_Sheng · June 25, 2020, 12:58am

Sorry I don't think I understand your question extract_array is a filebeat processor: https://www.elastic.co/guide/en/beats/filebeat/7.8/extract-array.html

If you want to use the panw module, you can use ./filebeat modules enable panw and then you should see panw.yml in modules.d folder, which looks like https://github.com/elastic/beats/blob/master/x-pack/filebeat/modules.d/panw.yml.disabled

gadelkareem · June 25, 2020, 9:40am

Currently the panw module only parses Traffic and threat logs. I need to also parse config and system logs which are sent to Elastic Search.

system · July 23, 2020, 11:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Palo Alto Logs Not Parsing Properly with panw Module in Filebeat Beats filebeat	9	191	December 4, 2024
Palo alto logs Beats beats-module , filebeat	22	3829	April 10, 2020
PanW module issues Beats filebeat	1	480	February 4, 2021
Panw module Beats beats-module , filebeat	2	257	November 29, 2021
Filebeat PANW module Beats filebeat	3	249	November 24, 2022