Collect syslog information


L4 Transporter



We are going to add a new syslog server to the PA config, so we would like to do a bit of an audit of the syslog sessions the PA is supporting.

What is the best way to know:

- Volume of traffic per day for syslog

- Top 10 destination syslogs






Cyber Elite


As for syslogs per day, that depends on your environment. Like for us, it's in the tens of millions. I would work with your SIEM vendor and get a demo license first and see what the ingest rate is of all the logs you wish to capture. At that point you can determine what the actual scale would be.


Hope that helps.

Cyber Elite

Hi @jesuscano 


This article will probably help in your situation. It is actually written for Panorama sizing, but the steps you need to take for a proper Panorama sizing can also be applied to a syslog server:


Agree with @OtakarKlier, the vast majority of SIEMs will be happy to supply you with an unlimited trial license for a few weeks so you can configure it exactly how you want and have legitimate numbers for how many logs you'll actually pass. Just be mindful of the pricing model of the SIEM when you are deciding what you actually want to send to it and if it'll actually be useful. When you get to something like Splunk, pricing alone can determine what you are actually passing off of the box.
