FLO

Network Traffic Analysis


In this lab, I:
• Configured log forwarding on the firewall appliance.
• Generated traffic. This prepopulates the firewall with log entries and usernames that can be observed and investigated. From an Xfce terminal, I sent traffic packet captures to the Palo Alto Networks firewall using sh /tg/traffic.sh, and pushed malware packet captures to the firewall using sh /tg/malware.sh.
• Tested log forwarding. The firewall's log forwarding profile also forwards the traffic log to the syslog server on the DMZ server for permanent storage and for further analysis, possibly including machine learning analysis (MLA).
• Exported the firewall appliance's traffic log as a CSV file. I was also able to forward the firewall's threat log to my DMZ server running syslog. Syslog is a standard log transport mechanism that aggregates log data from network devices of different vendors, such as routers, firewalls and printers, into a central repository for archiving, analysis, and reporting.

• Performed data analysis on the exported traffic CSV file.
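The kind of analysis the last step refers to can be done with nothing more than Python's standard library. The script below is an added example, not code from the original post or from the lab environment: it parses a constructed traffic-log CSV whose column names (Receive Time, Source address, Destination address, Action, Bytes, ...) are assumed to resemble a firewall export but are not taken from the post, then reports bytes per source, the allow/deny split, and sources whose denied sessions fanned out to several destinations, which is the sort of pattern worth cross-checking against the threat log.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample of a firewall traffic log export. The column names are
# assumed to resemble a Palo Alto Networks CSV export; the rows are invented.
SAMPLE_CSV = """Receive Time,Type,Source address,Destination address,Destination Port,Application,Action,Bytes
2024/01/15 10:00:01,TRAFFIC,10.0.1.20,8.8.8.8,53,dns,allow,512
2024/01/15 10:00:02,TRAFFIC,10.0.1.20,93.184.216.34,443,ssl,allow,48211
2024/01/15 10:00:03,TRAFFIC,10.0.1.55,10.0.2.10,22,ssh,deny,0
2024/01/15 10:00:04,TRAFFIC,10.0.1.55,10.0.2.11,22,ssh,deny,0
2024/01/15 10:00:05,TRAFFIC,10.0.1.55,10.0.2.12,22,ssh,deny,0
2024/01/15 10:00:06,TRAFFIC,10.0.1.55,10.0.2.13,22,ssh,deny,0
2024/01/15 10:00:07,TRAFFIC,10.0.1.30,203.0.113.9,80,web-browsing,allow,120334
2024/01/15 10:00:08,TRAFFIC,10.0.1.20,203.0.113.9,80,web-browsing,allow,2048
"""


def load_traffic_log(text):
    """Parse the CSV export into a list of dict rows, converting Bytes to int."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["Bytes"] = int(row["Bytes"] or 0)
    return rows


def bytes_by_source(rows):
    """Total bytes per source address, highest first."""
    totals = Counter()
    for row in rows:
        totals[row["Source address"]] += row["Bytes"]
    return totals.most_common()


def action_counts(rows):
    """How many sessions the firewall allowed versus denied."""
    return Counter(row["Action"] for row in rows)


def denied_fanout(rows, threshold=3):
    """Sources whose denied sessions reached at least `threshold` distinct
    destinations. A high fan-out of denies from one host is a simple
    indicator worth a closer look in the threat log."""
    targets = defaultdict(set)
    for row in rows:
        if row["Action"] == "deny":
            targets[row["Source address"]].add(row["Destination address"])
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= threshold}


def summarize(text):
    """Run all three reports over a CSV export and return them as one dict."""
    rows = load_traffic_log(text)
    return {
        "sessions": len(rows),
        "top_sources": bytes_by_source(rows)[:3],
        "actions": dict(action_counts(rows)),
        "denied_fanout": denied_fanout(rows),
    }


if __name__ == "__main__":
    # To analyze a real export, replace SAMPLE_CSV with open("traffic.csv").read().
    for key, value in summarize(SAMPLE_CSV).items():
        print(f"{key}: {value}")
```

The fan-out threshold is deliberately low for the eight constructed rows; on a real export it should be tuned against the normal deny rate of the network, otherwise a single misconfigured host will dominate the report.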
