Is there a configuration guide for Palo Alto PAN-OS 8.x CEF?
Palo Alto has announced PAN-OS 8.0.
In this version, there are new log types in the syslog format config GUI.
Besides "Traffic, Threat, Config, System, HIP Match", there are new types: "URL, Data, WildFire, Tunnel, Authentication, User-ID, Correlation".
And is there any configuration guide for PaloAlto PAN-OS 8.x CEF?
The configuration guide for 7 works for Traffic (tested in my environment and verified). In Palo's syslog guide for 8.0, it says WildFire and URL (I don't have a use case or req't for Data, Tunnel, User-ID yet) should be subsets of Threat, so it may just be taking the Threat configuration and adding mapping to some of the specific alerts or parameters. I haven't gotten that far yet.
I've confirmed that the 7.0 CEF THREAT format will work for URL in 8.0. I'm guessing it will work for WildFire too.
Also note that if you're copying the format out of the PDF guide, it does not copy the second hyphen in the field $number-of-severity, so make sure to include it manually.