https://live.paloaltonetworks.com/t5/general-topics/tcpdump-shows-syslog-traffic-going-to-a-specific-destination-how/m-p/31041#M22711 <HTML><HEAD></HEAD><BODY><P>I am hoping this is an "easy" question that I am just missing having been on calls since 4:24 am this morning :smileyconfused:</P><P></P><P>I have used tcpdump to confirm that one of our PAN firewalls are sending syslog traffic to a specific destination (w.x.y.z) which it is not supposed to. (we don't want it going to that 'collector' for band width reasons - we have a 'closer' collector. </P><P></P><P>&nbsp;&nbsp; Anyone have a trick to figure out what rule/construct is sending the syslog traffic to server w.x.y.z?</P><P></P><P>&nbsp;&nbsp; BlueCoat has a "Trace" functionality on their SG-OS that shows the evaluation by each rule as the traffic is evaluated ... that would be helpful... is there a similar thing in PAN-OS?</P><P></P><P>Thanks</P><P>Art</P></BODY></HTML> Tue, 18 Feb 2014 20:02:11 GMT Art 2014-02-18T20:02:11Z https://live.paloaltonetworks.com/t5/general-topics/tcpdump-shows-syslog-traffic-going-to-a-specific-destination-how/m-p/31041#M22711 <HTML><HEAD></HEAD><BODY><P>I am hoping this is an "easy" question that I am just missing having been on calls since 4:24 am this morning :smileyconfused:</P><P></P><P>I have used tcpdump to confirm that one of our PAN firewalls are sending syslog traffic to a specific destination (w.x.y.z) which it is not supposed to. (we don't want it going to that 'collector' for band width reasons - we have a 'closer' collector. </P><P></P><P>&nbsp;&nbsp; Anyone have a trick to figure out what rule/construct is sending the syslog traffic to server w.x.y.z?</P><P></P><P>&nbsp;&nbsp; BlueCoat has a "Trace" functionality on their SG-OS that shows the evaluation by each rule as the traffic is evaluated ... that would be helpful... is there a similar thing in PAN-OS?</P><P></P><P>Thanks</P><P>Art</P></BODY></HTML> Tue, 18 Feb 2014 20:02:11 GMT https://live.paloaltonetworks.com/t5/general-topics/tcpdump-shows-syslog-traffic-going-to-a-specific-destination-how/m-p/31041#M22711 Art 2014-02-18T20:02:11Z https://live.paloaltonetworks.com/t5/general-topics/tcpdump-shows-syslog-traffic-going-to-a-specific-destination-how/m-p/31042#M22712 <HTML><HEAD></HEAD><BODY><P>Hello <A href="https://live.paloaltonetworks.com/u1/11113">Art</A></P><P></P><P>If we look at the below image we see that the Traffic Log type has a field for "Rule" this would indicate the security rule name that is generating the log.</P><P>Hope this is exactly what is being looked for.</P><P><IMG alt="syslog.PNG.png" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/11715_syslog.PNG.png" /></P></BODY></HTML> Wed, 19 Feb 2014 14:31:48 GMT https://live.paloaltonetworks.com/t5/general-topics/tcpdump-shows-syslog-traffic-going-to-a-specific-destination-how/m-p/31042#M22712 Phoenix 2014-02-19T14:31:48Z https://live.paloaltonetworks.com/t5/general-topics/tcpdump-shows-syslog-traffic-going-to-a-specific-destination-how/m-p/31043#M22713 <HTML><HEAD></HEAD><BODY><P>Thanks Phoenix... great idea... I will look into it... turned out there was one rule I hadn't noticed that was configured incorrectly that was routing the traffic.</P><P></P><P>thanks</P><P>Art</P></BODY></HTML> Mon, 24 Feb 2014 21:33:01 GMT https://live.paloaltonetworks.com/t5/general-topics/tcpdump-shows-syslog-traffic-going-to-a-specific-destination-how/m-p/31043#M22713 Art 2014-02-24T21:33:01Z