Configure Syslog Server Support

1. Select Workflows DevicesClaimed Devices.
2. Select the ION device to export the logs to a Syslog server and click Configure the device.
3. On the Device Configuration page, select the Syslog Export.
4. Click Create Syslog Server to create a new Syslog Server.
5. Create a Syslog Exporter from the Add Syslog Server screen.

   1. Select Enable this Syslog Server field to enable the Syslog server.
   2. Enter a Name for the Syslog server.

      This is a mandatory field.
   3. (Optional) Enter a Description for the Syslog server.
   4. (Optional) Enter Tags to enhance the search mechanism while querying common attributes.

      Tags are used for reporting purposes and can help search for Syslog exporters with certain common attributes. For example, you can use the UDP_EXPORTER tag to search for Syslog exporters using UDP Protocol.
   5. Select Use Syslog Profile to choose an existing syslog profile from the list.

   6. (Optional) Enter a Source Interface for the Syslog server. You can now select the associated VRF interface (global or custom).

      If no value is entered for this field, then the controller port is considered as the default source interface.

      A bypass pair cannot be considered as a source interface.
   7. Select a syslog profile from the Syslog Profile list.
   8. Select Custom Configuration to override all the created syslog profiles.

      You can either choose Use Syslog Profile or Custom Configuration. Selecting one of them is mandatory.

      The Prefill values from a preset Syslog Profile? allows to create or choosing a profile to prefill values from the existing syslog profile list and make changes if required.

   9. Select Enable Flow Logging to export flow logs to the Syslog server.
   10. Select the Severity Level from a severity level of critical, major, or minor.

       When a severity level is set for a device, logs and events for the selected severity level and a higher level are exported to the Syslog profile.
   11. Select the protocol type as TCP, or UDP, or TLS for the Protocol field.

       The default protocol is UDP.

       If you select TLS as the protocol type, the Import Certificate option is enabled. Click Import Certificate to upload the certificate.

       Click View Certificate to view the selected certificate and Clear to remove the certificate.

       Beginning with Release 6.2.1, ION devices utilize OpenSSL 1.1.1g. As a result, certificates generated using older OpenSSL versions (1.0.x) may not work due to deprecated or unsupported algorithms. To ensure successful TLS connections with ION devices, it is recommended to use newer software stacks such as OpenSSL 1.1.1, Ubuntu 18.x, or certtool from the GnuTLS package on Syslog collector machines.

       Note that ION devices will no longer support OpenSSL 1.0.x as of Release 6.2.1.

       • Syslog connection fails if Self Signed certificate is uploaded.
       • If the FQDN server selects as a server, FQDN should match the subject alternate name (SAN) in the peer certificate.
       • Prisma SD-WAN supports only TLS version 1.2.
   12. If you select Server IP, enter the Syslog Server IP address. Or, if you choose Server FQDN (fully qualified domain name), enter the Syslog Server FQDN domain name.

       This field is mandatory. You must provide either a Server IP address or an Server FQDN address.
   13. Enter the Syslog Server port number in the Server Port field.

       The default port is 514 for TCP or UDP and 6514 for TLS.
6. Click Save to save the Syslog export configuration.