Configure Syslog Server Support

Select
Workflows
Devices
Claimed Devices
.
Select the ION device to export the logs to a Syslog server and click
Configure the device
.
On the Device Configuration page, select the
Syslog Export
.
Click
Create Syslog Server
to create a new Syslog Server.
Create a Syslog Exporter from the
Add Syslog Server
screen.
Select
Enable this Syslog Server
field to enable the Syslog server.
Enter a
Name
for the Syslog server.
This is a mandatory field.
(Optional)
Enter a
Description
for the Syslog server.
(Optional)
Enter
Tags
to enhance the search mechanism while querying common attributes.
Tags are used for reporting purposes and can help search for Syslog exporters with certain common attributes. For example, you can use the UDP_EXPORTER tag to search for Syslog exporters using UDP Protocol.
Select
Use Syslog Profile
to choose an existing syslog profile from the list.

(Optional)
Enter a
Source Interface
for the Syslog server.
If no value is entered for this field, then the controller port is considered as the default source interface.
A bypass pair cannot be considered as a source interface.
Select a syslog profile from the
Syslog Profile
list.
Select
Custom Configuration
to override all the created syslog profiles.
You can either choose
Use Syslog Profile
or
Custom Configuration
. Selecting one of them is mandatory.
The
Prefill values from a preset Syslog Profile?
allows to create or choosing a profile to prefill values from the existing syslog profile list and make changes if required.

Select
Enable Flow Logging
to export flow logs to the Syslog server.
Select the
Severity Level
from a severity level of
critical
,
major
, or
minor
.
When a severity level is set for a device, logs and events for the selected severity level and a higher level are exported to the Syslog profile.
Select the protocol type as
TCP
, or
UDP
, or
TLS
for the
Protocol
field.
The default protocol is UDP.
If you select TLS as the protocol type, the
Import Certificate
option is enabled. Click
Import Certificate
to upload the certificate.
Click
View Certificate
to view the selected certificate and
Clear
to remove the certificate.
Beginning with Release 6.2.1, ION devices utilize OpenSSL 1.1.1g. As a result, certificates generated using older OpenSSL versions (1.0.x) may not work due to deprecated or unsupported algorithms. To ensure successful TLS connections with ION devices, it is recommended to use newer software stacks such as OpenSSL 1.1.1, Ubuntu 18.x, or certtool from the GnuTLS package on Syslog collector machines.
Note that ION devices will no longer support OpenSSL 1.0.x as of Release 6.2.1.
Syslog connection fails if Self Signed certificate is uploaded.
If the FQDN server selects as a server, FQDN should match the subject alternate name (SAN) in the peer certificate.
Prisma SD-WAN
supports only TLS version 1.2.
If you select
Server IP
, enter the Syslog Server IP address. Or, if you choose
Server FQDN
(fully qualified domain name), enter the Syslog Server FQDN domain name.
This field is mandatory. You must provide either a Server IP address or an Server FQDN address.
Enter the Syslog Server port number in the
Server Port
field.
The default port is 514 for TCP or UDP and 6514 for TLS.
Click
Save
to save the Syslog export configuration.