Syslog multiple configurations


L1 Bithead

I am having no issues actually sending syslog data. The issue is sending too much over the network. I have two different applications that require syslog data from the firewalls. One application requires all the logs with all the content. The other application only requires a limited number of fields in the traffic log and all of the change log. I am able to send all the logs and all the data to both applications with relative ease, but I can't seem to be able to configure each differently. Is it possible to configure them separately using Panorama?

 

Thanks

Victor

4 REPLIES

Community Team Member

Hi @vseward,

 

In PAN-OS 8.0 you can add multiple log forwarding profiles, with each profile having its own forwarding filters:

[Screenshot: 2017-10-02_10-58-07.jpg]

Hope this helps.

 

Cheers !

-Kiwi.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

So, to be clear, on version 8 of PAN-OS each firewall rule can have multiple Log Forwarding Profile settings sending to different syslog servers?

By the way, if you don't have the Log Forwarding Profile setting set under options on any of the firewall policy rules, what data is sent to the syslog server if you do have a syslog set on Device -> Server Profiles -> syslog?

Community Team Member

Hi @vseward,

 

Not exactly.  The screenshot from my previous comment was referring to the PAN-OS 8.0 System logs setting under Device > Log Forwarding (similar to Device > Log Settings > System in 7.1).

 

In your policies, you can only have one Log Forwarding Profile configured per rule ... that said, in PAN-OS 8.0 you can add multiple 'Log Forwarding Profile Match List' to your 'Log Forwarding Profile'.

 

You can always add multiple syslog servers to your existing syslog server profile (this is also possible in PAN-OS 7.1).

 

This might help you on the filtered log forwarding feature in PAN-OS 8.0:

https://live.paloaltonetworks.com/t5/Tutorials/Tutorial-Filtered-Log-Forwarding/ta-p/145950

 

If you don't add a forwarding profile to a rule then no data is forwarded for that rule.

 

Cheers !

-Kiwi.
