panos-set-additional-threat-log

In PAN-OS 8.1.2, Palo Alto introduced additional threat logging that is enabled with an OP/CLI command. This application is a tool that allows you to enable the feature on multiple firewalls directly or through Panorama.
pan-os
panorama
logging

panos-set-additional-threat-log

In PAN-OS 8.1.2 and higher, Palo Alto introduced additional threat logging that is enabled with an OP/CLI command. This application is a tool that allows you to enable the feature on multiple firewalls directly or through Panorama. The following command enables the feature:

set system setting additional-threat-log on

Explanation of the feature:

Enable the firewall to generate Threat logs for a teardrop attack and a DoS attack using ping of death, and also generate Threat logs for the types of packets listed above if you enable the corresponding packet-based attack protection (in Step 1). For example, if you enable packet-based attack protection for Spoofed IP address, using the following OP/CLI causes the firewall to generate a Threat log when the firewall receives and drops a packet with a spoofed IP address.

For more information on this feature visit the following link:

https://live.paloaltonetworks.com/t5/blogs/pan-os-8-1-2-introduces-new-log-options/ba-p/217858
usage: panos-set-additional-threat-log.py [-h] {panorama_all,firewall_list,panorama_list,firewall_file,panorama_file} ..

Palo Alto Set Additional Threat Log Tool

optional arguments:
    -h, --help            show this help message and exit

subcommands:
    For a list of arguments for each command, type panos-set-additional-threat-log.py <command> -h

    {panorama_all,firewall_list,panorama_list,firewall_file,panorama_file}
        panorama_all        Run on all devices connected to Panorama
        firewall_list       Run direct on list of firewalls by FQDN or IP
        panorama_list       Run through Panorama on list of firewalls by Serial, Name, or Management IP
        firewall_file       Run direct on list of firewalls from a file
        panorama_file       Run on list of firewalls from a file through Panorama

Examples:

python panos-set-additional-threat-log.py firewall_file -u admin -v -f firewall_list.txt
python panos-set-additional-threat-log.py panorama_list -u admin -v -l 015351000011111 PA-VM-50-A -m 192.168.100.100

To see the help specific to a subcommand:

python panos-set-additional-threat-log.py panorama_file -h

usage: panos-set-additional-threat-log.py panorama_file [-h] [-u USERNAME] [-m PANORAMA] [-p PASSWORD] [-v] [-f FILENAME]

optional arguments:
        -h, --help            show this help message and exit
        -u USERNAME, --username USERNAME
                       Username for login
        -m PANORAMA, --panorama PANORAMA
                       Panorama IP address
        -p PASSWORD, --password PASSWORD
                       Password for login - recommend not using this on command line
        -v, --verbose  Print responses to console
        -f FILENAME, --filename FILENAME
                       File containing firewall FQDN's and IP's one per line

Requirements:

    pip install pan-os-python

Verification:

Run the following operational command to verify if the setting is enabled:

firewall> show system state filter cfg.general.additional-threat-log

If it is already enabled on the firewall, the command will return the following:

cfg.general.additional-threat-log: True

If the response is empty or if the setting is False, then the additional threat logs are disabled

## More Information

Please see http://github.com/PaloAltoNetworks/panos-set-additional-threat-log for more information

## Contributing

Feel free to open issues, offer feedback, and send Pull Requests to our Github repository where this code is hosted. 

## Disclaimer

This software is provided without support, warranty, or guarantee.
Use at your own risk.

Developer Sites

Social


Copyright © 2022 Palo Alto Networks, Inc. All rights reserved.