Configure Access to Monitored Servers
Use the Server Monitoring section to
Addserver profiles that specify the servers (up to 100) the firewall will monitor.
Configure at least two User-ID monitored servers so if a server goes down, the firewall can still learn user-to-IP-address mappings.
Server Monitoring Settings
Enter a name for the server.
Enter a description of the server.
Select this option to enable log monitoring for this server.
Select the server type. Your selection determines which other fields this dialog displays.
Enter the server IP address or FQDN. This option doesn’t apply if the
Novell eDirectory only)
Syslog Sender only)
Select whether the User-ID agent listens for syslog messages on the
UDPport (514) or the
SSLport (6514). If you select
Syslog Service Profileyou select when you enable Server Monitoring determines which SSL/TLS versions are allowed and the certificate that the firewall uses to secure a connection to the syslog sender.
As a security best practice, select
SSLwhen using the PAN-OS integrated User-ID agent to map IP addresses to usernames. If you select
UDP, ensure that the syslog sender and client are both on a dedicated, secure network to prevent untrusted hosts from sending UDP traffic to the firewall.
Syslog Sender only)
If the server
Syslog Sender, then
Addone or more Syslog Parse profiles to use for extracting usernames and IP addresses from the syslog messages received from this server. You can add a custom profile (see Syslog Filters) or a predefined profile. For each profile, set the
If you add a predefined Syslog Parse profile, check its name to determine whether it is intended to match login or logout events.
Default Domain Name
Optional) If the server
Syslog Sender, enter a domain name to override the current domain name in the username of your syslog message or prepend the domain to the username if your syslog message doesn’t contain a domain.
Recommended For You
Recommended videos not found.