https://live.paloaltonetworks.com/t5/general-topics/newbie-in-need-of-help-forwarding-traffic-logs-to-a-syslog/m-p/340775#M85500 <P>Hi community,</P><P>&nbsp;</P><P>I need to forward all traffic and threat logs to a log collector.</P><P>&nbsp;</P><P>I understand most of the process except the security policy part.</P><P>&nbsp;</P><P>Once I create a syslog server profile and then a log forwarding profile, I then need to use that log forwarding profile in my security policy.</P><P>&nbsp;</P><P>Our firewalls have many rules and my only instructions have been "please forward all traffic and threat logs to our log collector".</P><P>&nbsp;</P><P>How best do I do this? Do I manually set the log forwarding profile of every rule to the one I created?</P><P>&nbsp;</P><P>Or do I create a new rule? If I create a new rule, what options do I set? Do I put both source and destination address as "any"? everything else as any?</P><P>&nbsp;</P><P>Sorry about sounding confused but I appreciate any help.</P><P>&nbsp;</P><P>Thank you.</P> Mon, 27 Jul 2020 05:42:12 GMT damom10 2020-07-27T05:42:12Z https://live.paloaltonetworks.com/t5/general-topics/newbie-in-need-of-help-forwarding-traffic-logs-to-a-syslog/m-p/340775#M85500 <P>Hi community,</P><P>&nbsp;</P><P>I need to forward all traffic and threat logs to a log collector.</P><P>&nbsp;</P><P>I understand most of the process except the security policy part.</P><P>&nbsp;</P><P>Once I create a syslog server profile and then a log forwarding profile, I then need to use that log forwarding profile in my security policy.</P><P>&nbsp;</P><P>Our firewalls have many rules and my only instructions have been "please forward all traffic and threat logs to our log collector".</P><P>&nbsp;</P><P>How best do I do this? Do I manually set the log forwarding profile of every rule to the one I created?</P><P>&nbsp;</P><P>Or do I create a new rule? If I create a new rule, what options do I set? Do I put both source and destination address as "any"? everything else as any?</P><P>&nbsp;</P><P>Sorry about sounding confused but I appreciate any help.</P><P>&nbsp;</P><P>Thank you.</P> Mon, 27 Jul 2020 05:42:12 GMT https://live.paloaltonetworks.com/t5/general-topics/newbie-in-need-of-help-forwarding-traffic-logs-to-a-syslog/m-p/340775#M85500 damom10 2020-07-27T05:42:12Z https://live.paloaltonetworks.com/t5/general-topics/newbie-in-need-of-help-forwarding-traffic-logs-to-a-syslog/m-p/340820#M85511 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/150298">@damom10</a> ,</P> <P>&nbsp;</P> <P>You'll need to add the profile to all your existing rules.&nbsp;</P> <P>DO NOT create an ANY ANY ANY rule unless you want to open all the gates <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> !!!</P> <P>&nbsp;</P> <P>Check out the following discussion that talks about this exact topic.&nbsp; It might give you some ideas on how to best approach this :</P> <P><A href="https://live.paloaltonetworks.com/t5/general-topics/log-forwarding-profile-in-all-security-policies/td-p/205426" target="_blank">https://live.paloaltonetworks.com/t5/general-topics/log-forwarding-profile-in-all-security-policies/td-p/205426</A></P> <P>&nbsp;</P> <P>Cheers !</P> <P>-Kiwi.</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 27 Jul 2020 11:46:48 GMT https://live.paloaltonetworks.com/t5/general-topics/newbie-in-need-of-help-forwarding-traffic-logs-to-a-syslog/m-p/340820#M85511 kiwi 2020-07-27T11:46:48Z https://live.paloaltonetworks.com/t5/general-topics/newbie-in-need-of-help-forwarding-traffic-logs-to-a-syslog/m-p/341138#M85602 <P>Thank you Kiwi, great information!</P><P>&nbsp;</P><P>You have helped me immensely.</P> Tue, 28 Jul 2020 23:07:46 GMT https://live.paloaltonetworks.com/t5/general-topics/newbie-in-need-of-help-forwarding-traffic-logs-to-a-syslog/m-p/341138#M85602 damom10 2020-07-28T23:07:46Z