
1/28/2016 How to Forward Traffic Logs to Syslog Server - Live Community


How to Forward Traffic Logs to Syslog Server


by ppatel on
09-26-2012 12:19 AM (16,199 Views)

Labels: Configuration, Logs
Forwarding traffic logs to a syslog server requires four steps:
Create a syslog server profile
Configure the log-forwarding profile to select the traffic logs to be forwarded to the syslog server
Use the log forwarding profile in the security rules
Commit the changes

Syslog server profile

Go to Device > Server Profiles > Syslog
Name: Name of the syslog server
Server: Server IP address where the logs will be forwarded to
Port: Default port 514
Facility: To be selected from the drop-down according to the requirements


Log forwarding profile

Go to Objects > Log forwarding
Select the syslog server profile for forwarding traffic logs to the configured server.


Security Rule

Go to Policies > Security Rule
Select the rule for which the log forwarding needs to be applied. Go to Actions > Log forwarding and select the log forwarding profile from the drop-down list.

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Forward-Traffic-Logs-to-Syslog-Server/ta-p/62154 1/3
Commit the configurations
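
Once the commit completes, the receiving side can be checked against the profile. The following is an added example, not part of the original article: a minimal UDP listener that confirms datagrams come from the expected sender and carry the Facility chosen in the syslog server profile. It assumes UDP transport on port 514 and standard syslog facility names; the sender address 192.0.2.10 and the facility local4 are constructed placeholder values.

```python
import re
import socket

# Standard syslog facility names by numeric code; local0-local7 are codes 16-23.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITIES += [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"<([0-9]{1,3})>")


def decode_pri(datagram):
    """Split '<PRI>rest' into (facility, severity, rest); ValueError if malformed."""
    text = datagram.decode("utf-8", errors="replace")
    match = PRI_RE.match(text)
    if not match or int(match.group(1)) > 191:
        raise ValueError("missing or invalid <PRI> header")
    pri = int(match.group(1))  # PRI = facility * 8 + severity
    return FACILITIES[pri // 8], SEVERITIES[pri % 8], text[match.end():]


def check_message(datagram, source_ip, expected_ip, expected_facility):
    """Return a list of mismatches between one datagram and the profile settings."""
    problems = []
    if source_ip != expected_ip:
        problems.append(f"unexpected sender {source_ip}")
    try:
        facility, _, _ = decode_pri(datagram)
    except ValueError as exc:
        return problems + [str(exc)]
    if facility != expected_facility:
        problems.append(f"facility {facility}, expected {expected_facility}")
    return problems


def listen(expected_ip, expected_facility, port=514, bind="0.0.0.0"):
    """Receive UDP syslog and report on each datagram (port 514 usually needs root)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        while True:
            data, (ip, _) = sock.recvfrom(65535)
            problems = check_message(data, ip, expected_ip, expected_facility)
            print(ip, "OK" if not problems else "; ".join(problems))


if __name__ == "__main__":
    # Constructed values: replace with the firewall's source address and the
    # Facility selected in the syslog server profile.
    listen("192.0.2.10", "local4")
```

If nothing is printed after matching traffic hits a rule that uses the log forwarding profile, check the Server and Port values in the profile and any filtering between the firewall and the receiver.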


Comments

by edwinchristopher on
09-04-2013 03:14 AM

Those steps I know... but my question is: does Palo Alto support syslog over TCP?


by kfindlen on
09-04-2013 08:04 AM

Syslog over TCP is not currently supported.


by rivkin on
05-16-2014 07:53 AM

So, is there a way to do this for all rules at once, or does it have to be applied one at a time? If so, a feature request to be able to apply to
multiple at once would be nice.
Secondly, is there a guide to parsing the sys logs, in order to set up alerts using something like ELM, or Kiwi Syslogd, etc.? The PIX/ASA
comes with a large document of all the possible system messages, and what categories they are all in so admins can decide which to
alert on.


by timothyyip on
07-17-2014 12:30 AM

I have configured a third-party syslog server to receive traffic logs.
However, it was found that the time zone is different between the PA console and the syslog server console. Will it send the GMT time zone log
to syslog rather than the configured time zone?
How to configure it?
Thanks!


by jkim2 on
07-17-2014 04:30 AM

Easiest way to set logging options on all rules is to export the config in set format, add the log parameters, then add it back in. Should
take only a few minutes.
For alerting there are severity levels for both system and threat logs.
I would also review the CEF (Common Event Format) log format as it has some information that is useful even though you're using
Documentation


by jkim2 on
07-17-2014 04:32 AM

Upgrade to 6.0 it supports SSL & TCP custom ports :smileyhappy:


Copyright 2007 - 2016 - Palo Alto Networks
