Sending logs to SIEM one file per type

JuanLondono1 — Tue, 07 Nov 2023 22:01:07 GMT

I am an administrator of a SIEM, for this I have usually asked the paloalto administrator to send me the logs via Syslog using port 514 to the IP of the server I administer.

After informing me that the process has been done, I check a specific route of my server where I can verify that the logs are indeed arriving in a file called user.log.

For a specific situation I need to ask the firewall administrator to please send me the TRAFFIC logs in a user.log file, the THREAT logs in another file with another name for example user2.log and the SYSTEM logs in a user3.log.

He is asking me for the source paloalto where it is specified if this process is possible and how it should be done.

I would appreciate if you could help me with your knowledge.

Re: Sending logs to SIEM one file per type

JayGolf — Wed, 08 Nov 2023 15:02:00 GMT

HI @JuanLondono1 ,

Here is our admin guide for configuring syslog. You can have multiple syslog servers in your Syslog Server Profile, but Im not sure if the logs can be sent in different files to the same syslog server.

topic Re: Sending logs to SIEM one file per type in General Topics

Sending logs to SIEM one file per type

Re: Sending logs to SIEM one file per type