https://live.paloaltonetworks.com/t5/general-topics/collect-syslog-information/m-p/261539#M74147 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/85066">@BigPalo</a>&nbsp;</P><P>&nbsp;</P><P>This article will probably help in your situation. It is actually written for panorama sozing but the steps you need to take for a proper panorama sizing can be applied also to a syslog server:&nbsp;<A href="https://docs.paloaltonetworks.com/panorama/8-1/panorama-admin/set-up-panorama/determine-panorama-log-storage-requirements.html" target="_blank">https://docs.paloaltonetworks.com/panorama/8-1/panorama-admin/set-up-panorama/determine-panorama-log-storage-requirements.html</A></P> Fri, 17 May 2019 19:59:24 GMT Remo 2019-05-17T19:59:24Z https://live.paloaltonetworks.com/t5/general-topics/collect-syslog-information/m-p/261457#M74125 <P>Hi,&nbsp;</P><P>&nbsp;</P><P>We are going to add a new syslog server in PA config. So we would like to do a bit audit about PA supporting syslog sessions.</P><P>What si the best way to know:</P><P>-Volume of traffic per day for syslog</P><P>-Top10 destination syslogs</P><P>-.....</P><P>&nbsp;</P><P>thanks.</P><P>&nbsp;</P> Fri, 17 May 2019 08:33:20 GMT https://live.paloaltonetworks.com/t5/general-topics/collect-syslog-information/m-p/261457#M74125 BigPalo 2019-05-17T08:33:20Z https://live.paloaltonetworks.com/t5/general-topics/collect-syslog-information/m-p/261521#M74139 <P>Hello,</P><P>As for syslogs per day. That depends on your environment. Like for us, its in the 10's of millions. I would work with your SIEM vendor and get a demo license first and see what the ingest rate is of all the logs you wish to capture. At that point you can determine what the actual scale would be.</P><P>&nbsp;</P><P>Hope that helps.</P> Fri, 17 May 2019 15:59:40 GMT https://live.paloaltonetworks.com/t5/general-topics/collect-syslog-information/m-p/261521#M74139 OtakarKlier 2019-05-17T15:59:40Z https://live.paloaltonetworks.com/t5/general-topics/collect-syslog-information/m-p/261539#M74147 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/85066">@BigPalo</a>&nbsp;</P><P>&nbsp;</P><P>This article will probably help in your situation. It is actually written for panorama sozing but the steps you need to take for a proper panorama sizing can be applied also to a syslog server:&nbsp;<A href="https://docs.paloaltonetworks.com/panorama/8-1/panorama-admin/set-up-panorama/determine-panorama-log-storage-requirements.html" target="_blank">https://docs.paloaltonetworks.com/panorama/8-1/panorama-admin/set-up-panorama/determine-panorama-log-storage-requirements.html</A></P> Fri, 17 May 2019 19:59:24 GMT https://live.paloaltonetworks.com/t5/general-topics/collect-syslog-information/m-p/261539#M74147 Remo 2019-05-17T19:59:24Z https://live.paloaltonetworks.com/t5/general-topics/collect-syslog-information/m-p/261552#M74152 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/85066">@BigPalo</a>,</P><P>Agree with&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/27580">@OtakarKlier</a>, the vast majority of SIEMs will be happy to supply you with an unlimited trial license for a few weeks so you can configure it exactly how you want and have legitimate numbers for how many logs you'll actually pass. Just be mindful of the pricing model of the SIEM when you are deciding what you actually want to send to it and if it'll actually be useful. When you get to something like Splunk pricing alone can determine what you are actually passing off of the box.&nbsp;</P> Fri, 17 May 2019 21:20:57 GMT https://live.paloaltonetworks.com/t5/general-topics/collect-syslog-information/m-p/261552#M74152 BPry 2019-05-17T21:20:57Z