Jun 04 2021
I'm investigating the best way to get our Palo Alto firewall logs into MCAS and Sentinel. My present understanding is two different log collector methods would be required in parallel.
- MCAS - Log collector running in Docker
- Sentinel - Syslog server with the OMA agent installed
As the documentation indicates MCAS processing is every 24 hours, I'm assuming the PA firewall logs cannot be passed over to Sentinel on the MCAS connector.
Is it possible to run the docker log collector and the syslog via OMA on the same host if it has a high enough specification to take the load?