10-04-2021 02:09 AM
I have a pair of 5220's, running version 10.0.7 and we are running multiple vsys's on it.
We need to set up syslog on one particular vsys to send log data to a service within that environment.
I have configured this but the syslog data seems to be heading out of the management interface and not the designated interface.
For configuration I have:
1. Configured Device>Server Profiles>Syslog with a syslog server with location of the vsys. I had to duplicate this to shared for reason below.
2. My existing Log Forwarding profile for this vsys was updated to the vsys named Syslog Server.
3. Device>Log Settings has been updated to add the named Syslog server - only the shared instance as the Vsys syslog server does not appear in the list.
4. The Syslog Service Route for that vsys has been changed to the interface required for the syslog server traffic.
All rules have been configured for log forwarding and this is working.
The syslog server does not send traffic out of that interface but the management interface when checking the logs.
10-20-2021 12:48 AM
Hi @a.jones ,
Are you managing your firewall configurations from Panorama server ? If yes then please check if Panorama pushed template configuration on local firewall is overridden.
03-14-2023 03:29 AM
Hi Adrian - how did you go with this?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!