Can I configuration send traffic log to syslog on global

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can I configuration send traffic log to syslog on global

L1 Bithead

I searched on internet and I found only setting send traffic log to syslog by per security rule. on situation that has multiple security rules (100-200 rules). Can I set Syslog on global? or It can be set only per security rule?

6 REPLIES 6

Cyber Elite
Cyber Elite

Thank you for the post @jirasith

 

I am afraid that only option is to set it up per security rule. For all new rules, if you name log forwarding profile as: "default" it is automatically added added to the rule, but this will not help you with existing rules. Please check documentation, step 2:

 

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/monitoring/configure-log-forwarding.html

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

Community Team Member

Hi @jirasith ,

 

There are some tools out there that allow you to perform bulk edits. Here are some options you might want to look into:

 

Expedition, primarily used for migrating configurations, can do bulk changes.  Please verify if this can help you:

expedition-makes-bulk-changes 

 

You can look into API and scripting.  An example here:

security-rule-api 

 

Alternatively you can look at PAN-CONFIGURATOR, a PHP library aimed at making PANOS config changes easy:

pan-configurator 

 

Hope this helps,

-Kiwi

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Thank you for the information. @PavelK 

Hi @kiwi,

I have a question about Expedition Tool. I have to import the production configuration to Expedition Tool and then do the bulk Changes > Log Forwarding. and then export configuration on Expedition Tool and import to production firewall right?

Cyber Elite
Cyber Elite

@jirasith,

Correct. Export and load your current configuration into Expedition, make the bulk changes, and then export the updated configuration from expedition. You can then import the updated configuration file on the firewall and load and commit it to apply the bulk changes you made in Expedition. 

Hi @BPry

 

Thank you for the answer.

  • 3001 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!