Audit Failed to Process Palo Alto URL Log File
search cancel

Audit Failed to Process Palo Alto URL Log File

book

Article ID: 235192

calendar_today

Updated On:

Products

CASB Audit

Issue/Introduction

URL logs uploaded from PAN to SpanVA Receive "Input file does not contain log messages required by Audit" error in the CloudSOC Datasource Details Pane.

Environment

SpanVA 1.15.3.151.0 and prior releases

Cause

Palo Alto Network firewall generates separate Traffic and URL log files. The URL log files do not have all the headers required to be processed.

Resolution

The Audit technical documentation specified that both files should be combined in a single archive before upload or transfer to the CloudSOC Audit app. Alternatively, the customer should upload both traffic and URL log files within an hour timeframe. 

Additional Information

Please check the Palo Alto log formats techdoc for more info.