Prisma SD-WAN Administrator’s Guide
    : Configure Syslog Profiles
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma SD-WAN
    4. Prisma SD-WAN Administrator’s Guide
    5. Prisma SD-WAN Stacked Policies
    6. Configure Syslog Profiles
    Download PDF

    Prisma SD-WAN Administrator’s Guide

    Configure Syslog Profiles

    Table of Contents

    Configure Syslog Profiles

    Learn more about creating and configuring syslog profiles in Prisma SD-WAN.
    Where Can I Use This?What Do I Need?
    • Prisma SD-WAN
    • Active Prisma SD-WAN license
    Prisma SD-WAN allows to use the same syslog profile configurations across multiple devices. Create a Syslog Profile from the Prisma SD-WAN web interface for forwarding the Log Collector logs as syslog messages to a syslog server. ION device supports syslog RFC 5424 format for all the protocols.
    Syslog message format is structured as follows:
    • Syslog message format
      ION_HOST="hostname" DEVICE_TIME="timestamp" MSG="pam-session-opened by (uid=0)" SEVERITY="minor" PROCESS_NAME="sshd" FACILITY="authpriv" USER="elem-admin" ELEMENT_ID="id"
    1. Select ManageResourcesConfiguration Profiles and click Syslog.
    2. To add a Syslog profile, click Create Syslog Profile.
      1. Enter a Name for the Syslog profile.
        This is a mandatory field.
      2. (Optional) Enter a Description for the Syslog profile.
      3. (Optional) Enter Tags to enhance the search mechanism while querying common attributes.
        Tags are used for reporting purposes and can help search for Syslog profiles with specific common attributes. For example, you can use the UDP_EXPORTER tag to search for Syslog profiles using UDP Protocol.
      4. Select Enable Flow Logging to export flow logs to the Syslog profile.
      5. Select the Severity Level from a severity level of Critical, Major, or Minor.
        When a severity level is set for a device, logs and events for the selected severity level and a higher level are exported to the Syslog profile.
      6. Select the protocol type as TCP, or UDP, or TLS for the Protocol field.
        The default protocol is UDP.
        If you select TLS as the protocol type, the Import Certificate option specifies the certificate file.
        Click View Certificate to view the selected certificate and Clear to remove the certificate.
        • Syslog connection fails if Self Signed certificate is uploaded.
        • If the FQDN server selects as a server, FQDN should match the subject alternate name (SAN) in the peer certificate.
        • Prisma SD-WAN supports only TLS version1.2.
      7. If you select Server IP, enter the Syslog Server IP address. Or, if you choose Server FQDN (fully qualified domain name), enter the Syslog Server FQDN domain name.
        This field is mandatory. You must provide either a Server IP address or a Server FQDN address.
      8. Enter the Syslog Server port number in the Server Port field.
        The default port is 514 for TCP or UDP and 6514 for TLS.
      9. Click Save to save the Syslog profile configuration.
    3. To edit the existing syslog profiles, click the ellipsis and Edit.
      • To clone the existing syslog profile, click Clone to add a new cloned syslog profile.
      • To delete a syslog profile, click Delete.
    4. Click Save to save the Syslog profile configuration.

    © 2024 Palo Alto Networks, Inc. All rights reserved.