Focus

Prisma SD-WAN

Configure Syslog Profiles

Table of Contents

Filter

Expand All | Collapse All

Prisma SD-WAN Docs

Activation & Onboarding
Administration
CloudBlades
Select a Document
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
Deployment
Incidents & Alerts
Reference
Release Notes
Select a Document
- 6.5
- 6.4
- 6.3
- 6.1
- 5.6
- Prisma SD-WAN Controller
- Prisma SD-WAN On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
Prisma SASE

Configure Global and Local Prefixes

Device Management Policies

Configure Syslog Profiles

Learn more about creating and configuring syslog profiles in Prisma SD-WAN.

Where Can I Use This?	What Do I Need?
Prisma SD-WAN (Managed by `Strata Cloud Manager`)	Prisma SD-WAN

Prisma SD-WAN allows to use the same syslog profile configurations across multiple devices. Create a Syslog Profile from the Prisma SD-WAN web interface for forwarding the Log Collector logs as syslog messages to a syslog server. ION device supports syslog RFC 5424 format for all the protocols.

Syslog message format is structured as follows:

Syslog message format

ION_HOST="hostname" DEVICE_TIME="timestamp" MSG="pam-session-opened by (uid=0)" SEVERITY="minor" PROCESS_NAME="sshd" FACILITY="authpriv" USER="elem-admin" ELEMENT_ID="id"

Select ConfigurationPrisma SD-WANProfiles and TemplatesSyslog.
To add a Syslog profile, click Create Syslog Profile.
1. Enter a Name for the Syslog profile.
  This is a mandatory field.
2. (Optional) Enter a Description for the Syslog profile.
3. (Optional) Enter Tags to enhance the search mechanism while querying common attributes.
  Tags are used for reporting purposes and can help search for Syslog profiles with specific common attributes. For example, you can use the UDP_EXPORTER tag to search for Syslog profiles using UDP Protocol.
4. Select Enable Flow Logging to export flow logs to the Syslog profile.
5. Select the Severity Level from a severity level of Critical, Major, or Minor.
  When a severity level is set for a device, logs and events for the selected severity level and a higher level are exported to the Syslog profile.
6. Select the protocol type as TCP, or UDP, or TLS for the Protocol field.
  The default protocol is UDP.
  If you select TLS as the protocol type, the Import Certificate option specifies the certificate file.
  Click View Certificate to view the selected certificate and Clear to remove the certificate.
  
  Syslog connection fails if Self Signed certificate is uploaded.
  If the FQDN server selects as a server, FQDN should match the subject alternate name (SAN) in the peer certificate.
  Prisma SD-WAN supports only TLS version1.2.
7. If you select Server IP, enter the Syslog Server IP address. Or, if you choose Server FQDN (fully qualified domain name), enter the Syslog Server FQDN domain name.
  This field is mandatory. You must provide either a Server IP address or a Server FQDN address.
8. Enter the Syslog Server port number in the Server Port field.
  The default port is 514 for TCP or UDP and 6514 for TLS.
9. Click Save to save the Syslog profile configuration.
To edit the existing syslog profiles, click the ellipsis and Edit.
To clone the existing syslog profile, click Clone to add a new cloned syslog profile.
To delete a syslog profile, click Delete.
Click Save to save the Syslog profile configuration.

Configure Global and Local Prefixes

Device Management Policies

Prisma SD-WAN Docs

Configure Syslog Profiles

Prisma SD-WAN Docs

Configure Syslog Profiles

Activation & Onboarding

SASE

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

Prisma SD-WAN Integration

Prisma SD-WAN Experts Corner

Best Practices

Resources