Log forwarding to PAN and syslog?


L4 Transporter

I use Panorama to configure and push policies as well as log forwarding (to the Panorama) for all my firewalls. I now want to send all those logs (traffic, threat, data, etc.) to a syslog server as well, but I'm running into a problem when doing this. It seems I can't push/create a syslog server on the PAN and add it to the 'panorama log forwarding' profile.

 

If I create a syslog server profile on the PAN it doesn't show up under > Log Forwarding > Forward to Panorama > Log Forwarding Profile > Traffic (or any other log) > Syslog.  

 


 

So because I do all this from the PAN, I can't seem to figure out how to push all logs to the PAN and a syslog server at the same time. The only way I think I can do it is by doing the policies locally on the firewall, which then defeats the entire purpose of the PAN.

 

Anyone run into this before?  

 

 

5 REPLIES 5

L6 Presenter

Is there a reason you can't FW your logs from Panorama to your syslog device?  (That's what I do)

Did you configure the syslog server profile in the shared context or for a specific vsys? And in addition: the log forwarding profile also must be created in shared context and not in a device group in order to make it work.

@Remo Problem is the syslog server profile is NOT shared on the Panorama. It seems to be local and I'm not even able to assign it on the Panorama. The log forwarding is created under a 'Branches' DG which includes all of my sites.

 

@Brandon_Wertz Only reason is I was trying to forward only a single site's logs and not all of them. Can you post a screenshot of how you have it configured?

I have the same config here. I have the syslog server profile on all firewalls in a global template, even if I do not need it on all devices. And obviously I also don't need the log forwarding profile on all firewalls, but creating it in shared device group context is the only working solution. And because the forwarding profile is created in shared context, it will be pushed to all firewalls, even if it is not used, which in turn requires the syslog profile on all firewalls to avoid commit errors because of dependencies.

Figured out why: I didn't have any 'Templates' configured on the Panorama. Once I configured one, I was able to apply the syslog profile to the log forwarding profile. Thanks all.
