{"id":11336,"date":"2023-07-18T08:21:54","date_gmt":"2023-07-18T07:21:54","guid":{"rendered":"https:\/\/myworldofit.net\/?p=11336"},"modified":"2023-07-18T08:21:54","modified_gmt":"2023-07-18T07:21:54","slug":"freeipa-to-palo-alto-networks-next-generation-firewall-user-id","status":"publish","type":"post","link":"https:\/\/myworldofit.net\/?p=11336","title":{"rendered":"FreeIPA to Palo Alto Networks Next Generation Firewall User-ID"},"content":{"rendered":"<p>Logs from the <a href=\"https:\/\/freeipa.org\/\">FreeIPA<\/a> server can be used with the <a href=\"https:\/\/docs.paloaltonetworks.com\/pan-os\/10-2\/pan-os-admin\/user-id\/user-id-concepts\/user-mapping\/syslog\">Syslog receiver<\/a> function of a PAN NGFW to send username-to-IP-address mappings into User-ID, which can in turn be used to create policies based on the user&#8217;s identity. To extract the data from the logs you will need the parser shown below.<\/p>\n<div class=\"oembed-gist\"><script src=\"https:\/\/gist.github.com\/jamesfed\/29be0bd0341f5ba4304c89f7deb92565.js\"><\/script><noscript>View the code on <a href=\"https:\/\/gist.github.com\/jamesfed\/29be0bd0341f5ba4304c89f7deb92565\">Gist<\/a>.<\/noscript><\/div>\n<p>I could only find a log that matched up with a login (nothing for a logout) and it&#8217;s worth a mention that you may need to exclude some servers (like mail servers and file servers) from User-ID as you will see multiple logins from multiple users over a very short period of time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Logs from the FreeIPA server can be used with the Syslog receiver function of a PAN NGFW to send username-to-IP-address mappings into User-ID, which can in turn be used to create policies based on the user&#8217;s identity. To extract the data from the logs you will need the parser shown below. View the code on Gist. 
I could&#8230; <a class=\"read-more\" href=\"https:\/\/myworldofit.net\/?p=11336\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[479,541],"tags":[547,497,496,423,548],"series":[],"class_list":["post-11336","post","type-post","status-publish","format-standard","hentry","category-networking","category-security","tag-freeipa","tag-ngfw","tag-pan","tag-syslog","tag-user-id"],"_links":{"self":[{"href":"https:\/\/myworldofit.net\/index.php?rest_route=\/wp\/v2\/posts\/11336","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/myworldofit.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/myworldofit.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/myworldofit.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/myworldofit.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11336"}],"version-history":[{"count":3,"href":"https:\/\/myworldofit.net\/index.php?rest_route=\/wp\/v2\/posts\/11336\/revisions"}],"predecessor-version":[{"id":11339,"href":"https:\/\/myworldofit.net\/index.php?rest_route=\/wp\/v2\/posts\/11336\/revisions\/11339"}],"wp:attachment":[{"href":"https:\/\/myworldofit.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/myworldofit.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/myworldofit.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11336"},{"taxonomy":"series","embeddable":true,"href":"https:\/\/myworldofit.net\/index.php?rest_route=%2Fwp%2Fv2%2Fseries&post=11336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}