>
    Strata Copilot
    Configure a Syslog Receiver for SSPM
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. Assess Posture Security
    4. Configure a Syslog Receiver for SSPM
    Download PDF
    SaaS Security

    Configure a Syslog Receiver for SSPM

    Table of Contents

    Configure a Syslog Receiver for SSPM

    You can configure SSPM send log information to a syslog server, such as Splunk.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • SaaS Security Posture Management license
    Or any of the following licenses that include the Data Security license:
    • CASB-X
    • CASB-PA
    Syslog is a standard log transport mechanism that enables the aggregation of log data from different sources into a central repository for archiving. SSPM can forward logs to an external syslog server, which is also called a syslog receiver. To configure SSPM to send logs to a syslog server, you provide SSPM with the IP address of the syslog server and the port on which the syslog server receives new events.
    This syslog feature requires TLS 1.0 (or later) communications protocol for connections between SSPM and the external syslog server.
    1. Log in to Strata Cloud Manager.
    2. Select ConfigurationSaaS SecuritySettingsDirectory & External Services.
    3. Click Add Syslog/API Client to create a Syslog server profile.
    4. If necessary, select Syslog Receiver as the Service Type.
    5. Enter a Name for the profile.
    6. Specify the information that SSPM needs to connect to the syslog server.
      • SERVER IP ADDRESS—IP address of the syslog server.
      • PORT—The port number on which you send syslog messages. You must use the same port number for Data Security and the syslog server.
      • FACILITY—Select a syslog standard value (for example, LOG_USER) to calculate the priority (PRI) field in your syslog server implementation. The PRI part of the syslog message represents the Facility and Severity of the message. Select the value that maps to how you use the PRI field to manage your syslog messages. Values can be LOG_USER or LOG_LOCAL0 through LOG_LOCAL7.
      • MESSAGE FORMAT—Select the syslog message format to use: BSD or IETF. Traditionally, IETF format is used over TCP or SSL.
    7. Save your changes.
    8. On the Syslog server, self-sign your server and create the SSL certificate, then enable TLS in the syslog configuration, setting the TLS option to peer-verify(optional-untrusted).

    © 2026 Palo Alto Networks, Inc. All rights reserved.