Forum Discussion

MikeP75's avatar
MikeP75
Copper Contributor
Jun 04, 2021

Uploading Palo Alto firewall logs to MCAS and Sentinel

Hi,

 

I'm investigating the best way to get our Palo Alto firewall logs into MCAS and Sentinel. My present understanding is two different log collector methods would be required in parallel.

 

- MCAS - Log collector running in Docker

- Sentinel - Syslog server with the OMA agent installed

 

As the documentation is indicates MCAS processing is every 24 hours, I'm assuming the PA firewall logs cannot be passed over to Sentinel on the MCAS connector.

 

Is it possible to run the docker log collector and the syslog via OMA on the same host if it has a high enough specification to take the load?

Resources