In PAN-OS 8.1.2 and higher, Palo Alto Networks introduced additional threat logging that is enabled with an operational (OP/CLI) command. This tool lets you enable the feature on multiple firewalls, either directly or through Panorama. The following command enables the feature:

```
set system setting additional-threat-log on
```
Explanation of the feature:

> Enable the firewall to generate Threat logs for a teardrop attack and a DoS attack using ping of death, and also generate Threat logs for the types of packets listed above if you enable the corresponding packet-based attack protection (in Step 1). For example, if you enable packet-based attack protection for Spoofed IP address, using the following OP/CLI command causes the firewall to generate a Threat log when the firewall receives and drops a packet with a spoofed IP address.
For more information on this feature, see:

https://live.paloaltonetworks.com/t5/blogs/pan-os-8-1-2-introduces-new-log-options/ba-p/217858
```text
usage: panos-set-additional-threat-log.py [-h] {panorama_all,firewall_list,panorama_list,firewall_file,panorama_file} ...

Palo Alto Set Additional Threat Log Tool

optional arguments:
  -h, --help            show this help message and exit

subcommands:
  For a list of arguments for each command, type panos-set-additional-threat-log.py <command> -h

  {panorama_all,firewall_list,panorama_list,firewall_file,panorama_file}
    panorama_all        Run on all devices connected to Panorama
    firewall_list       Run direct on list of firewalls by FQDN or IP
    panorama_list       Run through Panorama on list of firewalls by Serial, Name, or Management IP
    firewall_file       Run direct on list of firewalls from a file
    panorama_file       Run on list of firewalls from a file through Panorama
```
Examples:

```sh
python panos-set-additional-threat-log.py firewall_file -u admin -v -f firewall_list.txt
python panos-set-additional-threat-log.py panorama_list -u admin -v -l 015351000011111 PA-VM-50-A -m 192.168.100.100
```

To see the help specific to a subcommand:

```sh
python panos-set-additional-threat-log.py panorama_file -h
```
```text
usage: panos-set-additional-threat-log.py panorama_file [-h] [-u USERNAME] [-m PANORAMA] [-p PASSWORD] [-v] [-f FILENAME]

optional arguments:
  -h, --help            show this help message and exit
  -u USERNAME, --username USERNAME
                        Username for login
  -m PANORAMA, --panorama PANORAMA
                        Panorama IP address
  -p PASSWORD, --password PASSWORD
                        Password for login - recommend not using this on command line
  -v, --verbose         Print responses to console
  -f FILENAME, --filename FILENAME
                        File containing firewall FQDN's and IP's one per line
```
Requirements:

```sh
pip install pan-os-python
```
Verification:

Run the following operational command to verify whether the setting is enabled:

```
firewall> show system state filter cfg.general.additional-threat-log
```

If it is already enabled on the firewall, the command returns the following:

```
cfg.general.additional-threat-log: True
```

If the response is empty, or if the setting is `False`, then the additional threat logs are disabled.
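The check-then-enable flow described above, as an added example that is not part of this tool's own code: the response parsing is separated from the device call so it can run offline, and it treats an empty result as "disabled" rather than as success. It assumes pan-os-python's `Firewall.op(cmd, xml=True)` returns the raw XML response (the `op` callable), and `FakeOp` is a constructed stand-in for a device, not a real API.

```python
import xml.etree.ElementTree as ET
from typing import Callable, Optional, Union

SHOW_CMD = "show system state filter cfg.general.additional-threat-log"
SET_CMD = "set system setting additional-threat-log on"
STATE_KEY = "cfg.general.additional-threat-log"


def parse_state(xml_doc: Union[str, bytes]) -> Optional[bool]:
    """Parse the XML response to SHOW_CMD: True/False for an explicit value,
    None for an empty result (the setting was never configured)."""
    result = ET.fromstring(xml_doc).find("result")
    text = (result.text or "").strip() if result is not None else ""
    key, _, value = text.partition(":")
    if key.strip() != STATE_KEY:
        return None
    return value.strip().lower() == "true"


def ensure_enabled(op: Callable[[str], Union[str, bytes]], dry_run: bool = False) -> str:
    """Enable additional threat logging on one device unless already on. `op` runs an
    op command and returns raw XML, e.g. lambda c: fw.op(c, xml=True) (assumed API)."""
    if parse_state(op(SHOW_CMD)) is True:
        return "already-enabled"
    if dry_run:
        return "would-enable"
    op(SET_CMD)
    # Re-read the state so a silently ignored command is not reported as success.
    return "enabled" if parse_state(op(SHOW_CMD)) is True else "failed"


class FakeOp:
    """Constructed stand-in for a firewall: answers SHOW_CMD from in-memory state
    (None = never configured) and flips it to True when SET_CMD is issued."""

    def __init__(self, state: Optional[str]):
        self.state, self.calls = state, []

    def __call__(self, cmd: str) -> str:
        self.calls.append(cmd)
        if cmd == SET_CMD:
            self.state = "True"
            return "<response status='success'><result/></response>"
        body = "" if self.state is None else f"{STATE_KEY}: {self.state}"
        return f"<response status='success'><result>{body}</result></response>"


if __name__ == "__main__":
    for initial in (None, "False", "True"):
        dev = FakeOp(initial)
        print(f"initial={initial!r}: {ensure_enabled(dev)} after {len(dev.calls)} commands")
```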
## More Information
Please see http://github.com/PaloAltoNetworks/panos-set-additional-threat-log for more information
## Contributing
Feel free to open issues, offer feedback, and send pull requests to the GitHub repository where this code is hosted.
## Disclaimer
This software is provided without support, warranty, or guarantee.
Use at your own risk.