Configure PaloAlto Devices

To configure your PaloAlto devices, create a Syslog server profile and assign it to the log settings for each log type.

To configure a Syslog server profile

  1. Connect to your PaloAlto device: launch an Internet browser and enter the IP address of the firewall in the URL field (https://<IP address>).
  2. In the Web Interface, navigate to Device Server Profiles Syslog.
  3. Click Add and specify profile name, for example, "SyslogProf1".
  4. Specify syslog server parameters:

    Parameter Description


    Specify unique name for a syslog server.

    Syslog Server

    Provide a server name by entering its FQDN or IPv4 address.


    Select UDP.


    Provide the name of the UDP port used to listen to network devices (514 port used by default).


    Select IETF.


    Netwrix recommends using default values.

To configure syslog forwarding

  1. In the Web Interface, navigate to Device Log Settings.
  2. For System, Config and User-ID logs, click Add and enter unique name of your syslog server.
  3. On the syslog panel, click Add and select the syslog profile you created above.
  4. Click Commit and review the logs on the syslog server.