PaloAlto DSM Document Problem

The format strings specified for the Palo Alto DSMs differ between versions, so implementing per the directions results in different values in the event payload and therefore different extracted properties. This has to be a typo in the document, so can it be corrected?

https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.0/com.ibm.dsm.doc/t_dsm_guide_palo_alto_syslog_dest.html

Section d:

— PAN-OS v3.0 – v6.1
— sev=$severity|Severity=$number-of-severity

— This results in an event payload with values like “sev=critical|Severity=5”

— PAN-OS v7.1
— sev=$number-of-severity|Severity=$severity

— This results in an event payload with values like “sev=5|Severity=critical”
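
A collector-side check for the swap described above, as an added example that is not part of the original post or of the IBM document: it reads both keys and decides by value type which one carries the number, so the extracted properties come out the same under either format string. The function name, the returned field names and the sample payloads are assumptions constructed for illustration.

```python
import re

# The two severity keys as they appear in the format strings quoted in the post.
# Anchoring on start-of-string or "|" avoids matching a key that merely ends in "sev".
_PAIR = re.compile(r"(?:^|\|)(sev|Severity)=([^|]*)")


def normalize_severity(payload):
    """Return the severity name and number regardless of which key holds which.

    'layout' records which format string produced the event, so mixed
    firewall configurations can be spotted in the parsed data.
    """
    fields = {key: value.strip() for key, value in _PAIR.findall(payload)}
    missing = {"sev", "Severity"} - fields.keys()
    if missing:
        raise ValueError("payload lacks key(s): " + ", ".join(sorted(missing)))

    numeric_keys = [key for key, value in fields.items() if value.isdigit()]
    if len(numeric_keys) != 1:
        # Both numeric or both textual: neither documented layout, do not guess.
        raise ValueError("expected exactly one numeric severity value")

    number_key = numeric_keys[0]
    name_key = "Severity" if number_key == "sev" else "sev"
    return {
        "name": fields[name_key].lower(),
        "number": int(fields[number_key]),
        "layout": "sev=number" if number_key == "sev" else "sev=name",
    }


if __name__ == "__main__":
    # Constructed samples: the two fragments from the post, plus one with
    # surrounding fields (hypothetical names) to show the delimiter handling.
    for sample in (
        "sev=critical|Severity=5",
        "sev=5|Severity=critical",
        "cat=THREAT|sev=5|Severity=critical|src=192.0.2.10",
    ):
        print(sample, "->", normalize_severity(sample))
```
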
