Syslog in Panorama Policy


Hi All,

We have multiple firewalls managed by Panorama. We have a single template managing these firewalls.

There are local syslog configs done on each firewall, as logs are being pushed on different ports. But now we have multiple rules configured in the Panorama template and pushed to all firewalls with no log forwarding on the policy.

May I know how to configure syslog on policies in Panorama? The problem is that we have different syslog settings, forwarding the logs on different ports. Please suggest.

Regards,

Sanjay S

 


Hi @Sanjay_Ramaiah ,

Let's first clarify something:
- Templates push device-level settings and configuration.
- Device Groups push firewall policies (security, NAT, decryption, etc.).

 

You define a Syslog server in a template, then you create a log forwarding profile using that syslog server and assign this profile on the firewalls.

 

It is not clear from your description what your setup is:
- Are you using the same device group for all firewalls? Pushing the same policy to all firewalls?
- Are you using the same template and template stack to push device settings? Or are you using a separate template stack for each FW?

 

One way to achieve what you want is:

- Create a Syslog Server profile inside a template used by the firewalls. Use exactly the same name for the Syslog server object (not the hostname, but the name of the server profile).
- Push this template from Panorama to the firewalls. Since your FWs already have the same syslog profile locally, they will override the config pushed from Panorama and keep the ports and hostname/IP as they were before.
- On the Panorama, create a log forwarding profile (Objects -> Log Forwarding). Name the object "default"; this way Panorama will automatically select it for every newly created firewall rule (avoiding the human error of forgetting to set a log forwarding profile). For all existing rules, you need to manually update the rules (one by one) and add the log forwarding profile.
- Push the device group to all firewalls.

 

If you use the same name for the syslog server object on all firewalls, you can have the same log forwarding profile, but firewall-specific syslog server settings.

 

Thanks @aleksandar.astardzhiev,

I will give this a try and update you.
