Syslog Issue.

cancel
Showing results for 
Search instead for 
Did you mean: 

Syslog Issue.

L3 Networker

Hi - I may have not understood how this is achieved - so apologies before I start!

I'm trying to forward logs for traffic and threat to syslog We have 2x 4050s and Panorama - all policy rules are added via panorama.

I've created a "log forwarding profile" in Panorama that says - forward all traffic and threats to panorama. This is then added to each rule on Panorma. Both the log forwarding profile and the addition to the individual rules are pushed to both the firewalls fine and I get logs on the Panorama.

However, I now want to set the traffic logs to forward to syslog as well. I go into Panorama and under the Panorama tab--->Server profiles-----> syslog.  I've created a syslog entry for my server. Still on Panorama I now go back to the "log forwardinng profile" I've already created and used and try and choose the syslog server I just created - it doesn't show on the drop down list.

NB - if I go onto the FW itself I can create a syslog server and then a log forwarding profile and choose the syslog server fine. I guess I could apply that to local rules for a full test - but I don't have any local rules only rule generated from Panorama (and of course the rules generated from Panorama can't be changed locally).

Am I missing something?

Thanks

11 REPLIES 11

L3 Networker

Thanks for all your replies. I've now worked out what the issue is. When creating the "syslog server profile" in Panorama - I had the location set as Panorama (not Shared). I assumed this would allow me to use the the profile on the policy rules as they were created in Panorama. it doesn't - I've re-created the syslog server and set it to Shared and I now see it referenced in the drop down list in the Log Forward Profile.

If you create an object with "Location = Panorama" it means the object should not be pushed to any Managed Device and to keep the object for use on Panorama only. Eg. Auth Profile for Panorama auth you do not want available for viewing or using on a Device.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!