Create test syslog

L3 Networker

Create test syslog

I want to know when our PBF rule hits by sending an email when it sees the syslog. I want to test this but don't want to actually fail traffic over. There are test commands on the CLI but I haven't been able to find how to create a false syslog. Please let me know how to create a false syslog.

 

Thank you

L6 Presenter

Re: Create test syslog

In "Log Settings" --> "Config" you can set that to send to your syslog server.  Make a configuration change which should send that to your syslog server.  

L5 Sessionator

Re: Create test syslog

If you want to test if your firewall is sending the logs to the syslog or not:

 

Step 1. Configure syslog server: Device > server profile, configure the syslog

 


 

Step 2. Log setting. Select the syslog server profile for system > information severity or for config

 


 

Step 3. Do a commit

 

Now if you navigate through the firewall tabs, a system log of information severity will be generated and the firewall should send the logs to syslog. If you have selected the syslog for config as well, then you will get the syslog for any config change.

 

Make sure the reachability to syslog is there. Check the service route if reachability is not there.

 

Hope this helps!

 

L3 Networker

Re: Create test syslog

Thanks for the reply.

 

I'm not trying to make a "config" change show up to my syslog server. I want to get a system event regarding a PBF rule to send the alert to my email.

L3 Networker

Re: Create test syslog

I want to know when our PBF rule hits by sending an email when it sees the system log.

L4 Transporter

Re: Create test syslog

So far, Palo Alto does not have the capability to selectively filter system logs or alerts. Mostly such type of alerts can be implemented in some external NMS solutions.

 

This needs to be a feature request. I see there are feature requests already for both functionalities, i.e. ability to filter events and option to send alert on PBF monitoring events. Kindly check with the Palo Alto SE for the roadmap.

 

BR

 

L3 Networker

Re: Create test syslog

Thank you, this would be really helpful.  I've had feature request in the past, I'll add to the list.

 

 

L0 Member

Re: Create test syslog

Look into 'Swatch', it's a relic but works. Send events to syslog as outlined, then on your Linux host enable Swatch to parse syslog data (one or more log files) and send an alert on any keyword/event ID, etc. I use this for PAN URL, system and threat logs along with Cisco ASA log events. There are a lot of Swatch options including thresholds to suppress repeat events.
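
Added example, not part of the thread and not Swatch itself: a small Python sketch of the keyword-match-with-suppression approach described above, plus a helper that builds a constructed syslog line you can send to your own collector to exercise the email path without failing traffic over. The `PBF` pattern, the host name `fw01` and the message text are placeholders made up for the example; copy the real wording from your firewall's system log.

```python
import re
import socket
from datetime import datetime, timedelta

# ASSUMPTION: placeholder keyword. Replace it with the exact text your firewall
# writes to the system log for the PBF event you care about.
PATTERN = re.compile(r"\bPBF\b", re.IGNORECASE)
SUPPRESS = timedelta(minutes=5)   # repeat matches inside this window raise no new alert
STAMP = re.compile(r"^(?:<\d+>)?(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) ")

def make_test_line(host, text, when, pri=14):
    """Build a BSD-style syslog line; pri 14 = facility user (1) * 8 + severity info (6)."""
    return f"<{pri}>{when.strftime('%b %d %H:%M:%S')} {host} {text}"

def send_test_line(line, server, port=514):
    """Send one constructed line to your own collector over UDP to exercise the alert path."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(line.encode("ascii"), (server, port))

def alerts(lines, year=2024):
    """Return the lines that should trigger an email, dropping repeats inside SUPPRESS."""
    hits, last = [], None
    for line in lines:
        stamp = STAMP.match(line)
        if not stamp or not PATTERN.search(line):
            continue
        # Classic syslog timestamps carry no year, so one is supplied for parsing.
        when = datetime.strptime(f"{year} {stamp.group(1)}", "%Y %b %d %H:%M:%S")
        if last is None or when - last >= SUPPRESS:
            hits.append(line)
            last = when
    return hits

# Constructed sample lines, not real firewall output.
TEST_LINE = make_test_line("fw01", "SYSTEM: PBF rule test-rule monitor failed (constructed)",
                           datetime(2024, 3, 4, 10, 0, 0))
SAMPLE = [
    TEST_LINE,
    "<14>Mar 04 10:01:00 fw01 SYSTEM: admin logged in (constructed)",
    "<14>Mar 04 10:02:00 fw01 SYSTEM: PBF rule test-rule monitor failed (constructed)",
    "<14>Mar 04 10:06:00 fw01 SYSTEM: PBF rule test-rule monitor failed (constructed)",
]

if __name__ == "__main__":
    for hit in alerts(SAMPLE):
        print("ALERT:", hit)   # hook your mail command in here
```

Of the four sample lines, the first and last raise an alert; the 10:02 repeat falls inside the five-minute window and is suppressed.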

L3 Networker

Re: Create test syslog

I appreciate everyone's help. I believe where I was off was our threats send emails directly from the fw to us. The fw will send complete syslogs but is unable to parse out specific objects/strings. I'll have our SolarWinds send over the specifics.

 

Thanks again.
