Traffic logs filter on syslog

L2 Linker

Traffic logs filter on syslog

Hello team,

 

We are sending all the traffic logs to our in-house syslog servers. So whatever traffic is matching current security policies, all such traffic logs are forwarded to the syslog server. Now in those logs, I am seeing everything like Source, Destination, port, everything. Now our requirement: we need to send only specific logs to syslog for specific traffic, e.g. we don't want to disclose the source IP. How can I configure this?

 

Please suggest.


Accepted Solutions
L5 Sessionator

Re: Traffic logs filter on syslog

@johnde,

 

I think you are looking for FILTER BUILDER under Log Forwarding Profiles. By default, it selects 'All Logs' under Filter. But you can create a custom filter as per your requirement. Please find below a snapshot for your reference. Once you create the Filter, attach that Log Forwarding Profile to the required security policies.

 

Hope it helps!

 

Log-Filter.PNG

 

Mayur



Mayur Sutare

Community Team Member

Re: Traffic logs filter on syslog

Hi @johnde ,

 

What @SutareMayur mentions will work and is very granular.

 

If you want to customize for your syslog-server you can also do this:

Go to your syslog server profile on the Device tab. There's a Custom Log Format tab ... click the Traffic one:

 

2020-04-01_15-53-38.jpg

 

Add the field you want:

 

2020-04-01_15-55-46.jpg

 

Hope this helps,

Kiwi.
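
One way to check a Custom Log Format string before pasting it into the Traffic format box, as an added example that is not code from the thread participants or from Palo Alto Networks. The `$field` names and the list of source-identifying fields are assumptions to confirm against the field reference for your PAN-OS version; the record and both templates are constructed samples.

```python
import re

# Traffic-log fields treated as source-identifying (assumed list; confirm it
# against the field reference for your PAN-OS version).
SOURCE_FIELDS = {"src", "natsrc", "srcuser", "srcloc", "sport", "natsport"}

# A field reference in a Custom Log Format string looks like $name.
TOKEN = re.compile(r"\$([a-z_][a-z0-9_]*)")


def fields_in(template):
    """Return the $field names used in the template, in order of appearance."""
    return TOKEN.findall(template)


def source_leaks(template):
    """Return the source-identifying fields this template would forward."""
    return sorted(set(fields_in(template)) & SOURCE_FIELDS)


def render(template, record):
    """Expand $field tokens as the syslog receiver would see them.
    Fields missing from the record render empty, so a typo shows up."""
    return TOKEN.sub(lambda m: str(record.get(m.group(1), "")), template)


# Constructed sample record, not real traffic.
SAMPLE = {
    "receive_time": "2020/04/01 15:55:46", "src": "10.1.1.25",
    "dst": "203.0.113.10", "sport": 51544, "dport": 443, "proto": "tcp",
    "app": "ssl", "rule": "allow-web", "action": "allow",
    "srcuser": "corp\\jdoe",
}

# Constructed templates: one forwards everything, one omits the source side.
FULL = "$receive_time,$src,$dst,$sport,$dport,$proto,$app,$rule,$action,$srcuser"
REDACTED = "$receive_time,$dst,$dport,$proto,$app,$rule,$action"

if __name__ == "__main__":
    for name, template in (("FULL", FULL), ("REDACTED", REDACTED)):
        leaks = source_leaks(template)
        print(f"{name}: {'leaks ' + ', '.join(leaks) if leaks else 'no source fields'}")
        print("  " + render(template, SAMPLE))
```

A template that passes this check still needs a look at the receiving server's stored lines, since the syslog header and any other log types sent to the same profile are outside what it inspects.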

All Replies
L2 Linker

Re: Traffic logs filter on syslog

@SutareMayur ,

 

Thanks Mayur, I will try it.

L2 Linker

Re: Traffic logs filter on syslog

@kiwi hey, thanks much! I will try this also. 

 

Will keep you posted.

L5 Sessionator

Re: Traffic logs filter on syslog

Yes, this is very helpful when you have multiple syslog servers and you want to filter specific log fields for a specific syslog server only.

@kiwi Thanks for sharing this too.

 

Mayur



Mayur Sutare
L2 Linker

Re: Traffic logs filter on syslog

@SutareMayur @kiwi ,

 

Thanks for all your suggestions and inputs. I did try both the configurations and both work for me.

Appreciate your help!
