10-28-2015 07:15 AM
Is it possible to send the syslogs for only the system changes from the PA to solarwinds? How do you configure the PA to send the change logs to solarwinds?
10-29-2015 01:23 PM
I only want to send system and config changes to the solarwinds server. Is that done through snmp traps only, and how is that configured?
10-29-2015 01:58 PM - edited 10-29-2015 02:02 PM
In "Device" --> "Log Settings" --> "System" and "Config" just use a configured Syslog profile to have the desired logs sent to the configured syslog profile.
--Edit--
The same can be said for SNMP.
10-30-2015 05:36 AM
So what works better: system and config sent by syslog or by snmp traps?
10-30-2015 07:47 AM
I don't think there's a "better," more to do with which you can use...I played with the idea of using SNMP for "important" stuff and syslog for general logs, but in the end I just went with syslog.
10-30-2015 11:18 AM
Well, the thing is I don't think they can handle or want to deal with threat logs on solarwinds.
11-03-2015 07:34 AM
I don't see where you can choose to only send config and system logs using syslog server
11-03-2015 09:51 AM
That piece is under the log settings. Device -> Log Settings -> System.
11-04-2015 05:41 AM
Yes, I found that, so is that better than using the syslogs? Can you narrow down the syslogs and only send config and system logs, no threat logs? I already have snmp traps configured and added to the location you are recommending and it's not giving us what we need on solarwinds.
11-04-2015 03:51 PM
Hello,
Yes, this is possible, as the threat logs are set in a different location. So you can have only Config and System logs sent to your SIEM or log collector and the threat and traffic stay on the PAN or Panorama.
Regards,
11-05-2015 06:29 AM
Hello,
I'm going to guess at what you are asking:
You will first need to set up a syslog profile: Device -> Server Profile -> Syslog
System logs are configured under Device -> Log Settings -> System
Config logs are configured under Device -> Log Settings -> Config
That is if that is all you wish to send outside of the PAN.
To export Threat and Traffic logs:
Set up a log forwarder: Objects -> Log Forwarding
To have policies that are triggered to be sent externally:
Within each policy: Policy -> Security -> 'Edit the Policy' -> Actions -> Log forwarding 'Select the Log forwarder you already set up'
Hope this helps.
11-05-2015 02:14 PM
Yes, but I don't want to send the threat logs to the solarwinds server. I don't see where this is being excluded.
11-09-2015 10:49 AM
It doesn't have to be excluded. If you don't set up the traffic logs to forward, they will not send to the SIEM.
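A collector-side check for what the replies above describe, added here as an example and not posted by anyone in the thread: it reads syslog lines received from the firewall and reports any log type other than SYSTEM and CONFIG. It assumes the default PAN-OS syslog CSV layout, in which the fourth comma-separated field is the log type; the sample lines, hostname and function names are constructed for illustration.

```python
import csv
from collections import Counter

# Log types the thread wants on the SolarWinds side; anything else is a leak.
EXPECTED_TYPES = {"SYSTEM", "CONFIG"}

# Constructed sample lines (not real device output). Assumes the default PAN-OS
# syslog CSV layout: FUTURE_USE, receive time, serial number, log type, ...
SAMPLE_LINES = [
    '<14>Nov  9 10:49:01 pa-fw01 1,2015/11/09 10:49:01,001234567890,SYSTEM,general,0,'
    '2015/11/09 10:49:01,,general,,0,0,general,informational,"User admin logged in, via Web"',
    '<14>Nov  9 10:50:12 pa-fw01 1,2015/11/09 10:50:12,001234567890,CONFIG,0,0,'
    '2015/11/09 10:50:12,192.0.2.10,,commit,admin,Web,Succeeded',
    '<14>Nov  9 10:50:40 pa-fw01 1,2015/11/09 10:50:40,001234567890,THREAT,vulnerability,1,'
    '2015/11/09 10:50:40,198.51.100.7,192.0.2.25',
    '<30>Nov  9 10:51:00 other-host sshd[1]: session opened',
]


def pan_log_type(line):
    """Return the PAN-OS log type of one syslog line, or None if it does not parse."""
    try:
        # The syslog header has no commas, so it stays glued to field 0 and the
        # type is still field 3. csv handles quoted descriptions containing commas.
        fields = next(csv.reader([line]))
    except (csv.Error, StopIteration):
        return None
    return fields[3].strip().upper() if len(fields) >= 4 else None


def audit(lines, expected=EXPECTED_TYPES):
    """Count lines per log type and list (line number, type) for unexpected types."""
    counts, unexpected = Counter(), []
    for number, line in enumerate(lines, 1):
        log_type = pan_log_type(line)
        if log_type is None:
            counts["UNPARSED"] += 1
            continue
        counts[log_type] += 1
        if log_type not in expected:
            unexpected.append((number, log_type))
    return counts, unexpected


if __name__ == "__main__":
    counts, unexpected = audit(SAMPLE_LINES)
    print(dict(counts))
    for number, log_type in unexpected:
        print(f"line {number}: unexpected {log_type} log reached the collector")
```

If a custom log format is configured in the syslog server profile, the type may sit in a different field and the index in `pan_log_type` needs adjusting.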