Configure PaloAlto Devices

To configure your PaloAlto devices, create a Syslog server profile and assign it to the log settings for each log type.

To configure a Syslog server profile

1. Connect to your PaloAlto device: launch an Internet browser and enter the IP address of the firewall in the URL field (https://<IP address>).
2. In the Web Interface, navigate to Device → Server Profiles → Syslog.
3. Click Add and specify profile name, for example, "SyslogProf1".

4. Specify syslog server parameters:

   Parameter	Description
   Name	Specify unique name for a syslog server.
   Syslog Server	Provide a server name by entering its FQDN or IPv4 address.
   Transport	Select UDP.
   Port	Provide the name of the UDP port used to listen to network devices (514 port used by default).
   Format	Select IETF.
   Facility	Netwrix recommends using default values.

To configure syslog forwarding

1. In the Web Interface, navigate to Device → Log Settings.
2. For System, Config and User-ID logs, click Add and enter unique name of your syslog server.
3. On the syslog panel, click Add and select the syslog profile you created above.

4. Click Commit and review the logs on the syslog server.