Use Syslog for Monitoring

Where Can I Use This?
  • NGFW (Managed by PAN-OS or Panorama)
What Do I Need?
  • Support license
  • (Panorama) Device management license
Syslog is a widely adopted standard for centralizing log data from various network devices, including routers, firewalls, and printers, regardless of the vendor. It's a fundamental tool for collecting and aggregating event logs into a central repository. This consolidation allows for effective archiving, analysis, and reporting across your network infrastructure.
Palo Alto Networks firewalls can leverage this standard to forward every type of log they generate to an external syslog server. This capability is vital for organizations that need to maintain a comprehensive record of network activity, security events, and system health. You can configure log forwarding to meet your specific security and reliability needs.
For reliable log forwarding, you can use TCP; for forwarding that is both secure and reliable, use TLS (specifically TLSv1.2). TCP ensures that packets are delivered and reassembled in the correct order, while TLS adds an extra layer of encryption, protecting sensitive log data in transit. If security is not a primary concern and you prefer a faster, more lightweight protocol, you can opt for UDP, which neither guarantees delivery nor encrypts the log data. The choice of protocol depends on the balance you need between speed, reliability, and security.