How to configure Palo Alto to send logs to SGBox

Please follow the official guide, for your specific Palo Alto version, on how to send CEF formatted logs to SGBox through the syslog protocol: https://docs.paloaltonetworks.com/resources/cef.html

WARNING!!! 

Please be aware to not cat and paste log templates directly from the PDF, or the web page, to your Palo Alto configuration panels because this can lead to paste “dirty” characters or cause malformation in the text itself.

So please follow below suggestion to avoid any pattern matching issue with SGBox definition.

The issue is that the template copied from the PDF is splitted in several lines with a carriage return character at the end of each line, instead in the Palo Alto configuration panels, we’ve to write each single template as a single line with all the Key=Value pair separated by a blank character.

So, to avoid any pattern matching issue in SGBox, please download ad use one of the below pattern packages depending on your PaloAlto version