
PA syslogs and change logs


Is it possible to send the syslogs for only the system changes from the PA to SolarWinds? How do you configure the PA to send the change logs to SolarWinds?


So are you saying if I set up a syslog server for SolarWinds and go to device\logging setting\config and add it there, it will only send config changes and system logs to the SolarWinds server? I have SNMP traps on that location too, but it can probably be replaced with the syslog server.

That just sets up the PAN to send config changes; you would also need to go to Device->LogSettings->System and configure which type of system logs you would like to send.

 

Neither of the above settings is for the traffic or threat logs.

By type you mean informational, critical, high, etc.?

For the system logs, correct. Config logs are all or none. Makes sense that way, to me at least.

Right now I have SNMP traps enabled by going to device\server profiles\snmp traps. I went to device\log settings\system and configured SNMP traps for the high and critical alerts, then I added the SNMP trap profile to device\log settings\config.

 

My other option is to go to device\server profiles\syslog and create a syslog server profile and then add it to device\log settings\config. In this option I don't see a way to pick and choose what information goes to the SolarWinds server. It looks to me like all the traffic, threat logs, everything goes to the SolarWinds server.

 

To me it looks like the syslog server sends far more information than the SNMP traps do, but it also sends much more than system and configuration changes.

 

 

Correct, I have seen that same result with other products as well. The syslog does send more data/information than the SNMP traps.

I went ahead and just set up the syslog server and put it on device\log setting\config and removed the SNMP traps from that same location. I think that's about all I can do; the rest of the configuration needs to be completed on the SolarWinds side, from what I can tell.
