This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

How to set selective syslog server?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

How to set selective syslog server?

Go to solution
Theerdam
L0 Member

‎09-29-2021 04:39 AM

Can I set palo alto to check if syslog server is up before forwarding the log, and if the main syslog server is down then forward log to another server?

 

I have issues that I need palo alto to not forwarding logs to both servers at the same time.

 

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
PavelK
Cyber Elite
Cyber Elite

‎10-04-2021 09:33 PM

Thank you for posting question @Theerdam

 

I was researching this topic and doing some verification. Regardless of PAN-OS version there can be up to 4 syslog servers configured in one syslog server profile, however there is no logic / connection check. Syslog server profile is sending logs to all targets simultaneously. One way to go around it would be to send all the logs to Virtual IP address of Load Balancer, then based on health check send logs to either of the real syslog server.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

View solution in original post

3 REPLIES 3

Go to solution
PavelK
Cyber Elite
Cyber Elite

‎10-04-2021 09:33 PM

Thank you for posting question @Theerdam

 

I was researching this topic and doing some verification. Regardless of PAN-OS version there can be up to 4 syslog servers configured in one syslog server profile, however there is no logic / connection check. Syslog server profile is sending logs to all targets simultaneously. One way to go around it would be to send all the logs to Virtual IP address of Load Balancer, then based on health check send logs to either of the real syslog server.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

Go to solution
pchevveti
L0 Member

‎11-18-2021 07:41 AM

Hi, I have one query here. 
Imagine the Syslog server is down for a few hours, and later once the syslog server is up again, will the firewall send fresh logs or the meantime logs as well ?

0 Likes Likes

Go to solution
MP18
Cyber Elite
Cyber Elite
In response to pchevveti

‎03-11-2023 11:36 AM

@pchevveti 

 

If the syslog server is down then as per my understanding firewall will store logs locally and once server is up it will send old new logs.

 

Regards

Mahesh

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes
  • 1 accepted solution
  • 5782 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks