https://live.paloaltonetworks.com/t5/general-topics/traffic-logs-filter-on-syslog/m-p/319992#M81984 <P>Hello team,</P><P>&nbsp;</P><P>We are sending all the traffic logs to our inhouse syslog servers. So whatever traffic is matching current security policies, all such traffic logs are forwarded to syslog server. Now in those logs, i am seeing everything like Source, Destination, port everything. Now our requirement, we need to send only specific logs to syslog for specific traffic. e.g. dont want to disclose source IP. How can i configure this?&nbsp;</P><P>&nbsp;</P><P>Pls suggest.&nbsp;</P> Wed, 01 Apr 2020 13:31:06 GMT johnde 2020-04-01T13:31:06Z https://live.paloaltonetworks.com/t5/general-topics/traffic-logs-filter-on-syslog/m-p/319992#M81984 <P>Hello team,</P><P>&nbsp;</P><P>We are sending all the traffic logs to our inhouse syslog servers. So whatever traffic is matching current security policies, all such traffic logs are forwarded to syslog server. Now in those logs, i am seeing everything like Source, Destination, port everything. Now our requirement, we need to send only specific logs to syslog for specific traffic. e.g. dont want to disclose source IP. How can i configure this?&nbsp;</P><P>&nbsp;</P><P>Pls suggest.&nbsp;</P> Wed, 01 Apr 2020 13:31:06 GMT https://live.paloaltonetworks.com/t5/general-topics/traffic-logs-filter-on-syslog/m-p/319992#M81984 johnde 2020-04-01T13:31:06Z https://live.paloaltonetworks.com/t5/general-topics/traffic-logs-filter-on-syslog/m-p/320005#M81989 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/132841">@johnde</a>,</P><P>&nbsp;</P><P>I think you are looking for FILTER BUILDER under&nbsp; Log Forwarding Profiles. By default, it select 'All Logs' under Filter. But you can create custom filter as per your requirement. PFB snap for your ref. Once you create Filter, attach that Log Forwarding Profile to required security policies.</P><P>&nbsp;</P><P>Hope it helps!</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Log-Filter.PNG" style="width: 350px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/24832i6552D10A114DF751/image-dimensions/350x220/is-moderation-mode/true?v=v2" width="350" height="220" role="button" title="Log-Filter.PNG" alt="Log-Filter.PNG" /></span></P><P>&nbsp;</P><P>Mayur</P> Wed, 01 Apr 2020 13:50:13 GMT https://live.paloaltonetworks.com/t5/general-topics/traffic-logs-filter-on-syslog/m-p/320005#M81989 SutareMayur 2020-04-01T13:50:13Z https://live.paloaltonetworks.com/t5/general-topics/traffic-logs-filter-on-syslog/m-p/320010#M81990 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/132841">@johnde</a> ,</P> <P>&nbsp;</P> <P>What <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/132521">@SutareMayur</a> mentions will work and is very granular.</P> <P>&nbsp;</P> <P>If you want to customize for your syslog-server you can also do this:</P> <P>Goto your syslog server profile on the Device tab. There's a Custom Log Format tab ... click the Traffic one :</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="2020-04-01_15-53-38.jpg" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/24833iE5A530C95AB13F6E/image-size/medium?v=v2&amp;px=400" role="button" title="2020-04-01_15-53-38.jpg" alt="2020-04-01_15-53-38.jpg" /></span></P> <P>&nbsp;</P> <P>Add the field you want :</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="2020-04-01_15-55-46.jpg" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/24834i96057E2B856766C6/image-size/medium?v=v2&amp;px=400" role="button" title="2020-04-01_15-55-46.jpg" alt="2020-04-01_15-55-46.jpg" /></span></P> <P>&nbsp;</P> <P>Hope this helps,</P> <P>Kiwi.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Wed, 01 Apr 2020 14:00:12 GMT https://live.paloaltonetworks.com/t5/general-topics/traffic-logs-filter-on-syslog/m-p/320010#M81990 kiwi 2020-04-01T14:00:12Z https://live.paloaltonetworks.com/t5/general-topics/traffic-logs-filter-on-syslog/m-p/320021#M81994 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/132521">@SutareMayur</a>&nbsp;,</P><P>&nbsp;</P><P>Thanks Mayur, i will try it.</P> Wed, 01 Apr 2020 15:05:30 GMT https://live.paloaltonetworks.com/t5/general-topics/traffic-logs-filter-on-syslog/m-p/320021#M81994 johnde 2020-04-01T15:05:30Z https://live.paloaltonetworks.com/t5/general-topics/traffic-logs-filter-on-syslog/m-p/320022#M81995 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/11943">@kiwi</a>&nbsp;hey, thanks much! I will try this also.&nbsp;</P><P>&nbsp;</P><P>Will keep you posted.</P> Wed, 01 Apr 2020 15:07:38 GMT https://live.paloaltonetworks.com/t5/general-topics/traffic-logs-filter-on-syslog/m-p/320022#M81995 johnde 2020-04-01T15:07:38Z https://live.paloaltonetworks.com/t5/general-topics/traffic-logs-filter-on-syslog/m-p/320051#M82003 <P>Yes, this is very helpful when you have multiple syslog servers and you want to filter specific logs fields for specific syslog server only.</P><P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/11943">@kiwi</a>Thanks for sharing this too.</P><P>&nbsp;</P><P>Mayur</P> Wed, 01 Apr 2020 16:15:50 GMT https://live.paloaltonetworks.com/t5/general-topics/traffic-logs-filter-on-syslog/m-p/320051#M82003 SutareMayur 2020-04-01T16:15:50Z https://live.paloaltonetworks.com/t5/general-topics/traffic-logs-filter-on-syslog/m-p/320243#M82036 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/132521">@SutareMayur</a>&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/11943">@kiwi</a>&nbsp;,</P><P>&nbsp;</P><P>Thanks for all your suggestions and inputs. I did try both the configurations and both works for me.</P><P>Appreciate your help!</P> Thu, 02 Apr 2020 10:35:15 GMT https://live.paloaltonetworks.com/t5/general-topics/traffic-logs-filter-on-syslog/m-p/320243#M82036 johnde 2020-04-02T10:35:15Z