04-20-2011 01:30 AM
Hi all,
does anyone know how the configuration of more than one Syslog server in Syslog profile (to send Traffic and Threat logs) impact the performance of a PAN 2020 device?
I need to send traffic and threat logs to a SIEM and a Syslog server at the same time.
I saw I can configure up to 4 syslog server in the Log Profile and then add the Forwarding profile to a rule.
Can anyone (from support is better) answer to this question?
It's very important for my client.
Thanks
04-21-2011 02:37 PM
Our syslog implementation conforms to RFC 3195, some syslog servers do have additionals features that lend themselves nicely to SIEM (Security Information and Event Management ). Setting up for any given syslog will require special effort unque to that product. Yes you can configure as many as four syslog devices in a profile and if your SIEM device conforms to the RFC it is logical that you shuld be able to include it in your profile. I have not set this up myself and am unaware of any others, this doesnt mean it will or wont work just that you might need to contact support directly for assistance.
04-22-2011 08:19 AM
Thanks Phil,
I hope it won't cause any problems to my customer, in a very critical environment.
Could you confirm that the syslog events sent are under the responsability of Control Plane, and then doesn't impact the inspection performance (if I let it goes out form MGT interface)?
Regards
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
