Filebeat extract_array for panw module for config and system logs

gadelkareem · June 24, 2020, 2:59pm

Are there any examples of extract_array for palo alto firewalls for config and system logs?

Kaiyan_Sheng · June 25, 2020, 12:58am

Sorry I don't think I understand your question extract_array is a filebeat processor: https://www.elastic.co/guide/en/beats/filebeat/7.8/extract-array.html

If you want to use the panw module, you can use ./filebeat modules enable panw and then you should see panw.yml in modules.d folder, which looks like https://github.com/elastic/beats/blob/master/x-pack/filebeat/modules.d/panw.yml.disabled

gadelkareem · June 25, 2020, 9:40am

Currently the panw module only parses Traffic and threat logs. I need to also parse config and system logs which are sent to Elastic Search.

Topic		Replies	Views
Palo Alto Logs Not Parsing Properly with panw Module in Filebeat Beats filebeat	9	463	December 4, 2024
Palo alto logs Beats beats-module , filebeat	22	4064	April 10, 2020
Filebeat 7.7 panw module sends THREAT, but not TRAFFIC logs Beats filebeat	8	1438	August 21, 2020
Filebeat PANW module Beats filebeat	3	295	November 24, 2022
Palo Alto Leef type logs (panw) Beats filebeat	3	862	June 5, 2020