Figure out if we need to adjust Palo USERID template #730

Open
waab76 opened this issue Feb 11, 2021 · 0 comments
waab76 commented Feb 11, 2021

As mentioned in #719, there is currently an open question regarding the User Group Flags (position 32) and User by Source (position 32) fields in the USERID log type. Per the Palo schema, positions 30 and 31 should be reserved for future use. However, test logs obtained both from SumoLogic and from Nick's own Palo firewall seem to show User Group Flags in position 30 and User by Source in position 31.

We need to resolve this discrepancy before releasing this update.
