


I'm investigating the best way to get our Palo Alto firewall logs into MCAS and Sentinel. My present understanding is two different log collector methods would be required in parallel.


- MCAS - Log collector running in Docker

- Sentinel - Syslog server with the OMA agent installed


As the documentation indicates MCAS processing is every 24 hours, I'm assuming the PA firewall logs cannot be passed over to Sentinel on the MCAS connector.


Is it possible to run the Docker log collector and the syslog via OMA on the same host if it has a high enough specification to take the load?
