Syslog configuration to Sumo Logic in PAN-OS 7.1

L2 Linker


Hi, all.

I'm looking for some reference on integrating with Sumo Logic for the Syslog setting.


My customer wants to receive logs from the PA FW.

I'm looking at guides on both the Sumo Logic web site and the Live Community here,

but I think more information is needed. Or I've configured it in the wrong way.


Syslog Server:

Transport: TCP TLS Port (set as 'SSL'; when I set it as 'TCP', a connection error occurred)

Port: 6514



1-1. Syslog Server Profile



1-2. System Log; connection error (when I set 'TCP' instead of 'SSL' at the 'Transport' tab in 1-1)


Customer said, I think I should use 'Token' like in 1-3 below, but I think something is wrong.


1-3. Sample - Token/Host/TCP TLS Port



After I configured it like 1-1, and set the log settings in system and policies,

I could see the session connected in the session browser without disconnection.

But there were no logs in the Sumo Logic Server.


I think more configuration is needed to integrate well.

I suspect a Syslog Server Address problem, and some additional SSL-related configuration.

e.g. Generate Certificate (but there was no option of 'Secure Syslog check box' in PAN-OS 7.1), and so on.


If someone has done this integration, Sumo Logic with PAN-OS 7.1,

please let me know the solution.


Have a great day 😄


Accepted Solutions

L2 Linker


I should've noticed that I needed to install 'installed collector' as a syslog server.

I misunderstood.

And TCP/UDP is supported.



Customer asked about another one, deploying with 'Hosted Collector'.

Hosted Collector needs rsyslog or syslog-ng; I should look into it.

I think it is more complicated to configure. Anyway.

Have a great day

I'm currently facing the same issue. I followed SL documentation and I wasn't able to forward any logs (status always "None" from SL).

Could you please share the steps (or document) that you followed in order to solve this? Did you change transport to TCP/UDP instead of SSL?


Many thanks! 

L0 Member

To make the hosted collector work, you need to do the below setup.

By default, the PA syslog only supports 1.2 forced. Need to skip.


set syslogng-ssl-conn-validation explicit OCSP skip CRL skip EKU skip
set syslogng-ssl-conn-validation all-cons skip


syslogng ssl connection validation settings:

This worked fantastic for me but I have one question: After making this change, is it permanent? I see no way to commit or save it.
