This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Traffic logs filter on syslog

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Traffic logs filter on syslog

Go to solution
johnde
L2 Linker

‎04-01-2020 06:31 AM

Hello team,

 

We are sending all the traffic logs to our inhouse syslog servers. So whatever traffic is matching current security policies, all such traffic logs are forwarded to syslog server. Now in those logs, i am seeing everything like Source, Destination, port everything. Now our requirement, we need to send only specific logs to syslog for specific traffic. e.g. dont want to disclose source IP. How can i configure this? 

 

Pls suggest. 

0 Likes Likes
2 ACCEPTED SOLUTIONS

Accepted Solutions

Go to solution
SutareMayur
Cyber Elite
Cyber Elite

‎04-01-2020 06:50 AM

@johnde,

 

I think you are looking for FILTER BUILDER under  Log Forwarding Profiles. By default, it select 'All Logs' under Filter. But you can create custom filter as per your requirement. PFB snap for your ref. Once you create Filter, attach that Log Forwarding Profile to required security policies.

 

Hope it helps!

 

Log-Filter.PNG

 

Mayur

Mayur

View solution in original post

Go to solution
kiwi
Community Team Member

‎04-01-2020 06:56 AM - edited ‎04-01-2020 07:00 AM

Hi @johnde ,

 

What @SutareMayur mentions will work and is very granular.

 

If you want to customize for your syslog-server you can also do this:

Goto your syslog server profile on the Device tab. There's a Custom Log Format tab ... click the Traffic one :

 

2020-04-01_15-53-38.jpg

 

Add the field you want :

 

2020-04-01_15-55-46.jpg

 

Hope this helps,

Kiwi.

 

 

 

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Don't forget to hit that Like button if a post is helpful to you!

View solution in original post

6 REPLIES 6

Go to solution
SutareMayur
Cyber Elite
Cyber Elite

‎04-01-2020 06:50 AM

@johnde,

 

I think you are looking for FILTER BUILDER under  Log Forwarding Profiles. By default, it select 'All Logs' under Filter. But you can create custom filter as per your requirement. PFB snap for your ref. Once you create Filter, attach that Log Forwarding Profile to required security policies.

 

Hope it helps!

 

Log-Filter.PNG

 

Mayur

Mayur

Go to solution
kiwi
Community Team Member

‎04-01-2020 06:56 AM - edited ‎04-01-2020 07:00 AM

Hi @johnde ,

 

What @SutareMayur mentions will work and is very granular.

 

If you want to customize for your syslog-server you can also do this:

Goto your syslog server profile on the Device tab. There's a Custom Log Format tab ... click the Traffic one :

 

2020-04-01_15-53-38.jpg

 

Add the field you want :

 

2020-04-01_15-55-46.jpg

 

Hope this helps,

Kiwi.

 

 

 

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Don't forget to hit that Like button if a post is helpful to you!

Go to solution
johnde
L2 Linker
In response to SutareMayur

‎04-01-2020 08:05 AM

@SutareMayur ,

 

Thanks Mayur, i will try it.

0 Likes Likes

Go to solution
johnde
L2 Linker
In response to kiwi

‎04-01-2020 08:07 AM

@kiwi hey, thanks much! I will try this also. 

 

Will keep you posted.

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks