Instructions for forwarding Palo Alto Appliance logs to your Log Management device
PREREQUISITES
Palo Alto Appliance
The IP Address for the Palo Alto appliance
A web browser for accessing the Palo Alto appliances web interface
Credentials to access the Palo Alto appliance
Clone Systems Log Management Device
The IP Address for the Clone Systems Log Management device
Instructions
1. Open a web browser and enter the IP address for the Palo Alto appliance to bring up the web interface.2. Enter the credentials and log into the Palo Alto appliance.3. Create a syslog server profile for the Clone Systems Log Management device by navigating to Device > Server Profiles > SyslogEnter a name for the Syslog profile and on the Servers tab enter the information for the Clone Systems Log Management device.– Name: { Name of the Clone Systems Log Management device }– Server : { IP address of the Clone Systems Log Management device }– Port: Default port 514– Facility: To be elected from the drop down according to the requirementsClick the Ok button.4. Configure the log-forwarding profile to select the traffic and threat logs to be forwarded to Clone Systems Log Management device.Navigate to Objects > Log forwarding then select the syslog server profile for forwarding traffic and threat logs to the Clone Systems Log Management device.Click the Ok button.5. Use the log forwarding profile in the security rules.Navigate to Policies > Security Rule.Select the rule for which the log forwarding needs to be applied. Apply the security profiles to the rule.Go to Actions > Log forwarding and select the log forwarding profile from the drop-down list.Click the Ok button.6. Commit the changes by clicking Commit at the top of the web interface.
