
    Configuring the Syslog Service on Palo Alto devices

    To configure the Syslog service on your Palo Alto devices, follow the steps below:

    1. Log in to the Palo Alto device as an administrator.
    2. Navigate to Device > Server Profiles > Syslog and configure a Syslog server profile.
    3. Configure Syslog forwarding for Traffic, Threat, and WildFire Submission logs. First, navigate to Objects > Log Forwarding and click Add to create a log forwarding profile.
    4. Assign the log forwarding profile to security rules.
    5. Configure Syslog forwarding for System, Config, HIP Match, and Correlation logs.
    6. Click Commit for the changes to take effect.

    For PAN-OS 7.1 and later:

    1. Log in to the Palo Alto device as an administrator.
    2. Configure a Syslog server profile for the EventLog Analyzer server.
        • Select Device > Server Profiles > Syslog.
        • Click Add and provide a name for the profile.
        • If the firewall has more than one virtual system (vsys), select the Location (vsys or Shared) where this profile is available.
        • For the EventLog Analyzer server, click Add and enter the requested information.
        • Click OK.
    3. Configure Syslog forwarding for Traffic, Threat, and WildFire Submission logs.
        • Create a log forwarding profile.
            • Select Objects > Log Forwarding, click Add, and enter a Name to identify the profile.
            • For each log type and each severity level or WildFire verdict, select EventLog Analyzer's Syslog server profile and click OK.
        • Assign the log forwarding profile to security rules.
    4. Configure Syslog forwarding for System, Config, HIP Match, and Correlation logs.
        • Select Device > Log Settings.
        • For System and Correlation logs, click each Severity level, select EventLog Analyzer's Syslog server profile, and click OK.
        • For Config, HIP Match, and Correlation logs, edit the section, select EventLog Analyzer's Syslog server profile, and click OK.
    5. Click Commit to save your changes.

    Source: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/monitoring/configure-syslog-monitoring

    Note: It is recommended to select the BSD format in the Syslog server profile.

    Once you have completed the configuration steps, the logs from your Palo Alto device will be forwarded automatically to the EventLog Analyzer server.
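The script below is an added example of a collector-side check for this procedure; it is not part of this page and is not ManageEngine's or Palo Alto Networks' own tooling. It parses BSD-format (RFC 3164) syslog lines, reads the PAN-OS log Type from the comma-separated message body (the fourth field, with the subtype in the fifth), and reports which of the log types configured in steps 3 and 4 have arrived and which are still missing. A line that is not in BSD format (for example an IETF-format line from a profile whose format was not switched) is counted as malformed. The sample lines, the hostname PA-VM and the serial number are constructed for the example.

```python
import re
from collections import Counter

# Log types this procedure forwards, spelled as PAN-OS writes them in the Type field.
# WildFire Submission logs arrive as type THREAT with subtype "wildfire".
EXPECTED_TYPES = frozenset({"TRAFFIC", "THREAT", "SYSTEM", "CONFIG", "HIPMATCH", "CORRELATION"})

# RFC 3164 (BSD) syslog header: <PRI>Mmm dd hh:mm:ss hostname message
# An IETF (RFC 5424) line starts "<PRI>1 2024-01-15T..." and does not match,
# which is how a profile left on the wrong format shows up in the report.
BSD_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)


def parse_bsd_syslog(line):
    """Split a BSD-format syslog line into PRI parts, header and message; None if malformed."""
    m = BSD_HEADER.match(line.strip())
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # facility 0-23 and severity 0-7 give at most 23*8+7
        return None
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "timestamp": m.group("timestamp"),
        "host": m.group("host"),
        "msg": m.group("msg"),
    }


def pan_fields(msg):
    """Pull serial, Type and subtype from the PAN-OS CSV body.

    The first five fields of a PAN-OS log body are FUTURE_USE, Receive Time,
    Serial Number, Type, Threat/Content Type (the subtype).
    """
    fields = msg.split(",")
    if len(fields) < 5:
        return None
    return {"serial": fields[2], "type": fields[3].upper(), "subtype": fields[4].lower()}


def check_forwarding(lines, expected=EXPECTED_TYPES):
    """Tally which PAN-OS log types reached the collector and which are still missing."""
    seen = Counter()
    subtypes = Counter()
    malformed = 0
    for line in lines:
        header = parse_bsd_syslog(line)
        log = pan_fields(header["msg"]) if header else None
        if log is None:
            malformed += 1
            continue
        seen[log["type"]] += 1
        subtypes[(log["type"], log["subtype"])] += 1
    return {
        "seen": dict(seen),
        "subtypes": dict(subtypes),
        "missing": set(expected) - set(seen),
        "malformed": malformed,
    }


# Constructed sample of what the collector might receive right after the commit.
# Only the first five CSV fields of each body are shown; the rest are omitted.
SAMPLE_LINES = [
    "<14>Jan 15 10:22:33 PA-VM 1,2024/01/15 10:22:33,0123456789,TRAFFIC,end",
    "<13>Jan 15 10:22:34 PA-VM 1,2024/01/15 10:22:34,0123456789,THREAT,vulnerability",
    "<13>Jan 15 10:22:35 PA-VM 1,2024/01/15 10:22:35,0123456789,THREAT,wildfire",
    "<14>Jan 15 10:22:36 PA-VM 1,2024/01/15 10:22:36,0123456789,SYSTEM,general",
    "<14>Jan  5 10:22:37 PA-VM 1,2024/01/05 10:22:37,0123456789,CONFIG,0",
    # IETF-format line from a profile that was not switched to BSD: counted as malformed.
    "<14>1 2024-01-15T10:22:38Z PA-VM - - - 1,2024/01/15 10:22:38,0123456789,TRAFFIC,end",
]

if __name__ == "__main__":
    report = check_forwarding(SAMPLE_LINES)
    for log_type in sorted(EXPECTED_TYPES):
        print(f"{log_type:12s} {report['seen'].get(log_type, 0)}")
    print("missing:", ", ".join(sorted(report["missing"])) or "none")
    print("malformed:", report["malformed"])
```

Feed `check_forwarding` the lines captured on the collector instead of `SAMPLE_LINES`. A type still reported as missing points back at the step that covers it: Traffic, Threat and WildFire Submission logs depend on the log forwarding profile being attached to the security rules, while System, Config, HIP Match and Correlation logs depend on the Device > Log Settings entries. A nonzero malformed count with no types seen is the symptom of a profile whose format is not BSD.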
