A little treat that I hope will help someone at some point: if you have Palo Alto Networks Next Generation Firewalls (NGFW) and Aruba Instant Wi-Fi, you can forward syslog messages from the controller to the NGFW and parse them with the profile below to map users to IP addresses.

There is plenty of information on syslog to User-ID at this link for those just getting started: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/monitoring/use-syslog-for-monitoring/configure-syslog-monitoring.html.

The text strings you will need are:

  • User authenticated
  • username-([a-zA-Z0-9\_\.\@]+)
  • IP-([A-F0-9a-f:.]+)
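To check what these strings will and will not extract before relying on the resulting mappings, the following added example (not part of the original post) runs them over constructed log lines. The message layout, the host name `iap-01`, the role given to each string (event filter, username pattern, address pattern) and the use of Python's `re` in place of the firewall's regex engine are all assumptions.

```python
import ipaddress
import re

# The three strings from the post. Treating them as event filter, username
# pattern and address pattern is an assumption of this example.
EVENT_RE = re.compile(r"User authenticated")
USER_RE = re.compile(r"username-([a-zA-Z0-9\_\.\@]+)")
ADDR_RE = re.compile(r"IP-([A-F0-9a-f:.]+)")


def parse_line(line):
    """Return (username, ip) for a login event, or None if the line is unusable."""
    if not EVENT_RE.search(line):
        return None
    user = USER_RE.search(line)
    addr = ADDR_RE.search(line)
    if not (user and addr):
        return None
    try:
        # The address pattern is only a character class; reject non-addresses.
        ip = ipaddress.ip_address(addr.group(1))
    except ValueError:
        return None
    return user.group(1), str(ip)


def build_mappings(lines):
    """Latest username seen for each IP address."""
    mappings = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            user, ip = parsed
            mappings[ip] = user
    return mappings


# Constructed sample messages (hypothetical layout, not captured from a controller).
SAMPLE = [
    "<141>Mar  3 10:15:02 iap-01 cli[2101]: User authenticated username-alice@example.com IP-10.1.20.45 AP-iap-01",
    "<141>Mar  3 10:15:09 iap-01 cli[2101]: User authenticated username-bob.smith IP-2001:db8::1f AP-iap-01",
    "<141>Mar  3 10:16:30 iap-01 cli[2101]: User authenticated username-carol-jones IP-10.1.20.46 AP-iap-01",
    "<141>Mar  3 10:17:00 iap-01 cli[2101]: User authenticated username-dave IP-999.1.1.1 AP-iap-01",
    "<141>Mar  3 10:17:44 iap-01 cli[2101]: User de-authenticated username-alice@example.com IP-10.1.20.45",
]

if __name__ == "__main__":
    for ip, user in build_mappings(SAMPLE).items():
        print(f"{ip} -> {user}")
```

The third sample shows that the username pattern stops at a hyphen, so `carol-jones` would be mapped as `carol`; if your usernames contain characters outside the class, the mapping will silently point at the wrong identity. The fourth shows that the address pattern alone accepts strings that are not valid IP addresses, which is why the example validates them separately.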
