Configure PaloAlto Devices
To configure your PaloAlto devices, create a Syslog server profile and assign it to the log settings for each log type.
To configure a Syslog server profile
- Connect to your PaloAlto device: launch an Internet browser and enter the IP address of the firewall in the URL field (https://<IP address>).
- In the Web Interface, navigate to Device → Server Profiles → Syslog.
- Click Add and specify profile name, for example, "SyslogProf1".
-
Specify syslog server parameters:
Parameter Description Name
Specify unique name for a syslog server.
Syslog Server
Provide a server name by entering its FQDN or IPv4 address.
Transport
Select UDP.
Port
Provide the name of the UDP port used to listen to network devices (514 port used by default).
Format
Select IETF.
Facility
Netwrix recommends using default values.
To configure syslog forwarding
- In the Web Interface, navigate to Device → Log Settings.
- For System, Config and User-ID logs, click Add and enter unique name of your syslog server.
- On the syslog panel, click Add and select the syslog profile you created above.
-
Click Commit and review the logs on the syslog server.