The hostname of the PAN devices is not present in syslog messages.


L3 Networker

Hello,

I am sending system log messages to a syslog server, and I noticed that the hostname is not included in the lines being sent. I found an option in the mgt config to make the firewall send its hostname, but even if I check it, the hostname is no longer being sent. Is it a known issue?

If not, what should be done to make this work? I guess that it is so important to know the source of the messages received.

I am using PAN-OS version 3.0.8.

Regards.

5 REPLIES 5

L5 Sessionator

Try the following CLI command in configuration mode:

# set deviceconfig setting management send-hostname-in-syslog yes

If the hostname is still absent from the logs, please open a case with Support.

There is also an option in the UI under the Device -> Setup -> Management called "Send Hostname in Syslog" which enables this feature.

Unfortunately, this is somewhat misleading since when you enable the feature the management IP is actually sent. We found that logging vendors wanted a unique name to correlate logs with devices. The device name could be non-unique depending on the setup so we are using the management IP instead.

Ironically, we'd like to use the hostnames to include a common substring so that our log scripts continue to operate even during HA failover. For instance, we'd name the devices something like PAHA-One and PAHA-Two and have our scripts grep for "PAHA". A short substring search has better performance than a longer multiple IP address search (egrep).

Any chance the option can be renamed to "Send Mgt IP in Syslog" for clarity?  Better still, add a second option that actually sends the hostname so users can choose depending on their need.

Not applicable

I agree with the last comment. This option is mislabeled and should read "Send IP..." instead. A second option to send the actual device's hostname would be a very useful feature. We send everything to SYSLOG and take actions based on this name. The name is much more useful to us as we have strict naming conventions that allow us to quickly identify the device and take action. Please add this option and relabel the existing box.
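An added example, not part of any post in this thread and not Palo Alto Networks code: because the replies above say the syslog host field carries the management IP, a collector-side script can map that IP back to a device name so that one substring search still matches both HA peers. The inventory, the RFC 3164 header layout and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed inventory: management IP -> device name. Names follow the PAHA-One /
# PAHA-Two convention from the thread; addresses are RFC 5737 documentation IPs.
INVENTORY = {"192.0.2.11": "PAHA-One", "192.0.2.12": "PAHA-Two"}

# Assumed BSD-syslog (RFC 3164) header: optional <PRI>, timestamp, host field.
HEADER = re.compile(
    r"^(?P<pri><\d{1,3}>)?"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)

def normalize(line, inventory=INVENTORY):
    """Return (device_name or None, line with the host field rewritten)."""
    line = line.rstrip("\n")
    m = HEADER.match(line)
    if not m:
        return None, line                       # unrecognised header: pass through
    host = m.group("host")
    try:
        ip = str(ipaddress.ip_address(host))    # canonical text form of the IP
    except ValueError:
        return host, line                       # sender already used a name
    name = inventory.get(ip)
    if name is None:
        return None, line                       # unknown sender: keep the IP visible
    # Keep the management IP in the line so the original source stays auditable.
    return name, f"{m.group('pri') or ''}{m.group('ts')} {name} [mgmt={ip}] {m.group('msg')}"

def select(lines, substring, inventory=INVENTORY):
    """Rewritten lines whose device name contains `substring` (e.g. 'PAHA')."""
    out = []
    for line in lines:
        name, rewritten = normalize(line, inventory)
        if name and substring in name:
            out.append(rewritten)
    return out

# Constructed sample lines (not real firewall output).
SAMPLE = [
    "<14>Mar  3 10:15:02 192.0.2.11 constructed: HA peer went passive",
    "<14>Mar  3 10:15:03 192.0.2.12 constructed: HA peer went active",
    "<14>Mar  3 10:15:04 198.51.100.7 constructed: unrelated sender",
]

if __name__ == "__main__":
    print("\n".join(select(SAMPLE, "PAHA")))
```

Senders whose IP is missing from the inventory are passed through unchanged, so a new or unexpected source remains visible in the logs and is not silently relabelled.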

Hello,


There is a KnowledgePoint Article referencing details of enabling this option:

"Send Hostname In Syslog" setting:

https://live.paloaltonetworks.com/docs/DOC-1877

Any changes/enhancements, etc... would typically require a feature request submittal through your SE.


Regards,

Bryan
