Palo Alto Firewall Syslog Filter Documentation
Introduction
This guide outlines how to configure Syslog filters on Palo Alto Networks firewalls to control which logs are sent to external Syslog servers. Proper filtering reduces noise, focuses on relevant events, and improves SIEM performance.
Syslog Overview
Syslog is a protocol used to send logs from network devices to centralized logging systems. Palo Alto firewalls support syslog forwarding for several log types, including traffic, threat, system, and configuration logs.
Components Involved
Component | Description
---|---
Syslog Server Profile | Defines the destination server and syslog transport type
Log Forwarding Profile | Specifies what logs to forward and to whom
Security Policy | Determines when logs are generated and which are forwarded
Configuration Steps
1. Create Syslog Server Profile
Navigate to: Device > Server Profiles > Syslog
Steps:
- Under Syslog Server, click Add and enter the server details.
- (Optional) Add a Filter to specify which log entries are forwarded.
- Click OK.
2. Create Log Forwarding Profile
Steps:
- Name it (example: syslog).
3. Apply Log Forwarding to Security Policy
Steps:
- Locate and edit the security policy you want to apply logging to.
- Click the Actions tab.
- In the Log Forwarding field, select the log forwarding profile you created.
- (Optional) Enable logging at session start/end.
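After the profile is applied, it is worth confirming on the collector that only the intended log types are arriving, since a filter that was never attached silently forwards everything. The script below is an added example written for this guide, not code from the page or from Palo Alto Networks; it assumes the BSD syslog layout `<PRI>timestamp host CSV` with the log type in the fourth CSV field and the subtype in the fifth, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample of PAN-OS style BSD syslog lines as a collector would
# receive them. Hostname, serial and addresses are made up. Assumed layout:
# "<PRI>MMM dd hh:mm:ss HOST <csv...>" with type as the 4th CSV field.
SAMPLE_LINES = [
    "<14>Jan 12 10:00:01 PA-FW-01 1,2024/01/12 10:00:01,001234567890,TRAFFIC,end,2560,2024/01/12 10:00:01,10.0.0.5,203.0.113.7,0.0.0.0,0.0.0.0,Allow-Outbound",
    "<14>Jan 12 10:00:02 PA-FW-01 1,2024/01/12 10:00:02,001234567890,THREAT,vulnerability,2560,2024/01/12 10:00:02,203.0.113.9,10.0.0.5,0.0.0.0,0.0.0.0,Block-Inbound",
    "<14>Jan 12 10:00:03 PA-FW-01 1,2024/01/12 10:00:03,001234567890,SYSTEM,general,0,2024/01/12 10:00:03",
    "not a syslog line at all",
]

# PRI in angle brackets, BSD timestamp, hostname, then the CSV body.
HEADER = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")


def parse_line(line):
    """Return facility, severity, host, log type and subtype, or None if unparseable."""
    m = HEADER.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    fields = m.group(4).split(",")
    if len(fields) < 5:
        return None
    return {
        "facility": pri // 8,   # PRI = facility * 8 + severity
        "severity": pri % 8,
        "host": m.group(3),
        "type": fields[3],
        "subtype": fields[4],
    }


def audit(lines, expected_types):
    """Count log types per firewall and flag anything the firewall-side filter should have dropped."""
    counts = Counter()
    unexpected = []
    unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        counts[(rec["host"], rec["type"])] += 1
        if rec["type"] not in expected_types:
            unexpected.append((rec["host"], rec["type"], rec["subtype"]))
    return {"counts": dict(counts), "unexpected": unexpected, "unparsed": unparsed}


if __name__ == "__main__":
    # A profile filtered to THREAT logs only should produce an empty "unexpected" list.
    print(audit(SAMPLE_LINES, {"THREAT"}))
```

Run it against a capture of what the Elastic Agent host actually receives; a non-empty `unexpected` list means the filter or the log forwarding profile is not applied as intended.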
Please provide the following information to CyTech:
Requirements: Collect logs via syslog over UDP or TCP
* Syslog Host -> Syslog collector IP address where the Elastic Agent is installed.
* Syslog Port -> Port number (please identify whether TCP or UDP).
Reference Links:
- https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/monitoring/use-syslog-for-monitoring/configure-syslog-monitoring
- https://www.youtube.com/watch?v=ftR3DU2MtjY&t=137s
If you need further assistance, kindly contact our support at support@cytechint.com for prompt assistance and guidance.