
PALO ALTO APPLIANCE


Instructions for forwarding Palo Alto Appliance logs to your Log Management device

PREREQUISITES

Palo Alto Appliance

  • The IP Address for the Palo Alto appliance
  • A web browser for accessing the Palo Alto appliance's web interface
  • Credentials to access the Palo Alto appliance

Clone Systems Log Management Device

  • The IP Address for the Clone Systems Log Management device

INSTRUCTIONS

1

Open a web browser and enter the IP address for the Palo Alto appliance to bring up the web interface.

2

Enter the credentials and log into the Palo Alto appliance.

3

Create a syslog server profile for the Clone Systems Log Management device by navigating to Device > Server Profiles > Syslog.

Enter a name for the Syslog profile and on the Servers tab enter the information for the Clone Systems Log Management device.

  • Name: { Name of the Clone Systems Log Management device }
  • Server: { IP address of the Clone Systems Log Management device }
  • Port: Default port 514
  • Facility: To be selected from the drop-down according to the requirements

Click the OK button.


4

Configure the log forwarding profile to select the traffic and threat logs to be forwarded to the Clone Systems Log Management device.

Navigate to Objects > Log Forwarding, then select the syslog server profile for forwarding traffic and threat logs to the Clone Systems Log Management device.

Click the OK button.


5

Use the log forwarding profile in the security rules.

Navigate to Policies > Security Rule.

Select the rule for which the log forwarding needs to be applied. Apply the security profiles to the rule.

Go to Actions > Log Forwarding and select the log forwarding profile from the drop-down list.

Click the OK button.


6

Commit the changes by clicking Commit at the top of the web interface.

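To confirm that the steps above took effect, the following added example (not part of the original instructions and not Clone Systems or Palo Alto code) checks each datagram arriving on a test host standing in for the log management device: its source IP, its RFC 3164 facility against the Facility chosen in step 3, and its log type. It assumes UDP transport on port 514, facility labels of the form LOG_USER and LOG_LOCAL0 to LOG_LOCAL7, the log type in the fourth comma-separated field, and constructed sample values (192.0.2.10, fw01).

```python
import socket

# RFC 3164 facility codes: user = 1, local0..local7 = 16..23.
# The LOG_* labels are an assumption about how the Facility drop-down names them.
FACILITIES = {1: "LOG_USER", **{16 + i: f"LOG_LOCAL{i}" for i in range(8)}}

# Constructed sample datagram (not captured from a real appliance).
SAMPLE = "<14>Jan  1 00:00:00 fw01 1,2024/01/01 00:00:00,000000000000,TRAFFIC,end"

def parse_pri(line):
    """Return (facility, severity) from the leading <PRI>, or None if malformed."""
    end = line.find(">")
    if not line.startswith("<") or not 2 <= end <= 4 or not line[1:end].isdigit():
        return None
    pri = int(line[1:end])
    return (pri >> 3, pri & 7) if pri <= 191 else None

def classify(line, src_ip, firewall_ip, expected_facility):
    """Check one datagram against the settings made in the syslog server profile."""
    if src_ip != firewall_ip:
        return "ignored: unexpected source"
    parsed = parse_pri(line)
    if parsed is None:
        return "rejected: no valid PRI"
    facility, _severity = parsed
    if FACILITIES.get(facility) != expected_facility:
        return f"mismatch: facility {facility}"
    # Assumed default layout: the log type is the fourth comma-separated field.
    fields = line.split(",")
    return "ok: " + (fields[3] if len(fields) > 3 else "UNKNOWN")

def listen(firewall_ip, expected_facility, port=514, bind="0.0.0.0"):
    """Print a verdict for every datagram received (port 514 needs privileges)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, (src, _port) = sock.recvfrom(65535)
        print(src, classify(data.decode("utf-8", "replace"), src,
                            firewall_ip, expected_facility))

if __name__ == "__main__":
    # 192.0.2.10 is a placeholder for the Palo Alto appliance's IP address.
    listen("192.0.2.10", "LOG_USER")
```

After the commit, generate traffic that matches the rule from step 5; a "mismatch" verdict means the Facility in the syslog server profile differs from the one expected on the receiving side.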