PAN-OS Syslog messages


L3 Networker

Hello,

We are planning to implement monitoring tools based on syslog messages sent by the PAN firewall. The purpose is to trap some specific messages from which incidents will be generated in the monitoring tool. Is there any documentation that mentions the syslog messages sent by the PAN device in case of a system event (If down, HA switch over, HA configuration out of sync...)?

The same need is present for log messages written by the user agent.

Regards.

4 REPLIES 4

L4 Transporter

Hello Aisa,

The attached document, which provides our log formats, identifies syslog messages sent by the PAN.

Thank you swhyte,

But I am looking for the messages, especially critical and high system logs, to use them to monitor availability of the devices. If you have something written about that, it would help me very much.

Hi swythe,

As mentioned in your document, we tried to configure the appliance to send the hostname in syslog messages by checking "send hostname in syslog" in the device/management section of the GUI. But it does not work. We still receive the IP address instead of the name. Below is an example we received on our syslog server:

02-23-2011 16:38:06 Local1.Info 10.x.x.x Feb 23 16:38:06 10.x.x.x 1,2011/02/23 16:38:06,0006C100733,SYSTEM,general,0,2011/02/23 16:38:06,,general,,0,0,general,informational,User xxxxx logged in via Web from 10.x.x.x using https<000>

I read another case on this site about the same problem but I did not understand the answer.

We use the 3.1.5 version. Could you please help? Thank you very much in advance.


The option to send the hostname to the syslog is on the device tab under the management section. The host name *will* be the IP address, not the host name in the first part of the setup screen under the device tab.

Dominic
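Added example, not part of any post in this thread: a parser a monitoring tool could use to turn SYSTEM syslog lines like the one quoted above into incidents for critical and high severities. The field names are assumptions inferred from the column positions in that quoted line (check them against the log-format document for your PAN-OS version), and the second sample line is constructed.

```python
import csv
import re

# Column names are assumptions inferred from the SYSTEM line quoted in the thread.
SYSTEM_FIELDS = [
    "future_use_1", "receive_time", "serial", "type", "subtype",
    "future_use_2", "generated_time", "vsys", "event_id", "object",
    "future_use_3", "future_use_4", "module", "severity", "description",
]
ALERT_SEVERITIES = {"critical", "high"}
# Header written by the firewall: "Feb 23 16:38:06 <host> <csv payload>".
HEADER = re.compile(r"[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} (\S+) (\d+,.*)$")


def parse_system_log(line):
    """Return a dict for a SYSTEM log line, or None for anything else."""
    match = HEADER.search(line.strip())
    if not match:
        return None
    host, payload = match.groups()
    if payload.endswith("<000>"):  # trailing NUL as rendered by the collector
        payload = payload[:-5]
    fields = next(csv.reader([payload]))
    if len(fields) < len(SYSTEM_FIELDS) or fields[3] != "SYSTEM":
        return None
    last = len(SYSTEM_FIELDS) - 1
    # An unquoted description may itself contain commas, so rejoin the tail.
    fields = fields[:last] + [",".join(fields[last:])]
    record = dict(zip(SYSTEM_FIELDS, fields))
    record["host"] = host  # IP address or hostname, depending on the device setting
    return record


def incidents(lines):
    """Keep only SYSTEM records whose severity should open an incident."""
    records = (parse_system_log(line) for line in lines)
    return [r for r in records if r and r["severity"].lower() in ALERT_SEVERITIES]


SAMPLE_LINES = [
    # Line quoted in the thread (collector prefix included).
    "02-23-2011 16:38:06 Local1.Info 10.x.x.x Feb 23 16:38:06 10.x.x.x 1,2011/02/23 16:38:06,0006C100733,SYSTEM,general,0,2011/02/23 16:38:06,,general,,0,0,general,informational,User xxxxx logged in via Web from 10.x.x.x using https<000>",
    # Constructed line: placeholder host, serial, event id and description.
    "Feb 23 16:40:11 fw01 1,2011/02/23 16:40:11,000000000000,SYSTEM,ha,0,2011/02/23 16:40:11,,constructed-event,,0,0,ha,critical,Constructed example, peer state changed",
]
```

Keying incidents on the serial number field as well as `host` keeps the device identity stable whether the header carries an IP address or a name.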
