OpenNAC as Syslog Server for Palo Alto NGFWΒΆ

The first step is define openNAC analytics as syslog server using its IP address.

../../../../_images/PassivePaloInt1.png

Inside log forwarding profile section use the threat logs as the log type to be sent to openNAC, using the profile created before

../../../../_images/PassivePaloInt2.png

Inside log forwarding profile match list, select openNAC as Syslog server

../../../../_images/PassivePaloInt3.png

Zone Protection Profile, define a name and enable the TCP port scan, host sweep and udp port scan.

../../../../_images/PassivePaloInt4.png

Zone, set the log forwarding and protection zone mentioned before.

../../../../_images/PassivePaloInt5.png

Note

API Key should be properly configured in analytics API Key.