How do I configure remote syslog forwarding for Palo Alto firewalls - Connect IT Community | Kaseya
<main> <article class="userContent">
<h2 data-id="this-article-will-describe-the-steps-required-to-configure-palo-alto-to-send-syslog-messages-to-the-rocketagent-syslog-server">This article describes the steps required to configure a Palo Alto firewall to send syslog messages to the RocketAgent Syslog Server</h2>
<p><strong>CREATE SYSLOG PROFILE</strong></p>
<ol>
<li>Open your Palo Alto dashboard.</li>
<li>Navigate to <strong>Devices > Server Profiles > Syslog</strong>.</li>
<li>Click <strong>Add</strong> and enter a <strong>Name</strong> for the syslog profile, e.g. <em>RocketCyber SOC syslog</em>.</li>
<li><strong>Server</strong> - the IP address of the device chosen in the RocketCyber firewall log analyzer</li>
<li><strong>Transport</strong> - select UDP</li>
<li><strong>Port</strong> - the default Palo Alto port is 1514, change this to 514</li>
<li><strong>Format</strong> - select BSD</li>
<li><strong>Facility</strong> - set this to LOG_USER, the default standard syslog value</li>
<li>Click <strong>OK</strong> to save the syslog profile.</li>
</ol>
<p><strong>CONFIGURE SYSLOG FORWARDING PROFILE</strong></p>
<ol>
<li>Navigate to <strong>Objects > Log Forwarding</strong>, click <strong>Add</strong> and <strong>Enter</strong> a name (it is common to use the same name as above, <em>RocketCyber SOC syslog</em>).</li>
<li>For each log type, severity level and WildFire verdict, select the syslog server profile, and click <strong>OK</strong>.</li>
<li>Assign the log forwarding profile to security rules.</li>
</ol>
<p><em>Optional</em><strong> - CONFIGURE SECURITY POLICY RULE FOR LOG FORWARDING</strong></p>
<ol>
<li>Navigate to <strong>Policies > Security</strong>.</li>
<li>Click the policy that should forward its logs.</li>
<li>Select <strong>Actions</strong>.</li>
<li>In the <strong>Log Forwarding Profile</strong> dropdown, select the profile created above (<em>RocketCyber SOC syslog</em>).</li>
<li>Click <strong>OK</strong>.</li>
</ol>
</article> </main>
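To confirm that what reaches the collector matches the syslog profile settings above (UDP, port 514, BSD format, LOG_USER facility), the following check can be run on the receiving host. It is an added example, not RocketCyber or Palo Alto code; the function names and the sample datagram are constructed here, and it assumes the default comma-separated PAN-OS message body with the log type in the fourth field.

```python
import re
import socket

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# RFC 3164 (BSD) layout: <PRI>Mmm dd hh:mm:ss HOSTNAME MESSAGE
BSD_RE = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)


def parse_bsd(datagram: bytes) -> dict:
    """Decode one BSD-format syslog datagram, or raise ValueError."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = BSD_RE.match(text)
    if not m or int(m.group(1)) > 191:  # highest valid PRI is 23 * 8 + 7
        raise ValueError("not a BSD (RFC 3164) syslog message")
    facility, severity = divmod(int(m.group(1)), 8)
    fields = m.group(4).split(",")
    return {
        "facility": facility,
        "severity": SEVERITIES[severity],
        "timestamp": m.group(2),
        "host": m.group(3),
        # Assumption: default PAN-OS CSV body, log type in the fourth field.
        "log_type": fields[3] if len(fields) > 3 else None,
    }


def check_profile(datagram: bytes) -> list:
    """Return the mismatches between a datagram and the profile settings above."""
    try:
        msg = parse_bsd(datagram)
    except ValueError as exc:
        return [f"Format: {exc}"]
    problems = []
    if msg["facility"] != 1:  # LOG_USER is facility code 1
        problems.append(f"Facility: expected LOG_USER (1), got {msg['facility']}")
    if msg["log_type"] is None:
        problems.append("Body: no PAN-OS log type field found")
    return problems


# Constructed sample datagram, not captured from a real firewall.
SAMPLE = b"<14>May  1 10:15:02 pa-fw01 1,2024/05/01 10:15:02,001234567890,TRAFFIC,end"

if __name__ == "__main__":
    # Binding UDP 514 needs root/administrator rights on the collector host.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 514))
    while True:
        data, (src, _) = sock.recvfrom(65535)
        print(src, check_profile(data) or "OK")
```

Run it on the collector while traffic passes through a rule that has the log forwarding profile attached. UDP gives no delivery acknowledgement, so a silent listener means rechecking the server IP, the port and the rule assignment.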