: Configure Syslog Server Support
Focus
Focus

Configure Syslog Server Support

Table of Contents

Configure Syslog Server Support

Syslog server support configuration for forwarding the Log Collector logs as syslog messages to a syslog server.
Prisma SD-WAN
allows to configure the Syslog Server Support. From release 5.6.1, you can create or attach a Syslog Profile from the
Prisma SD-WAN
web interface for forwarding the Log Collector logs as syslog messages to a syslog server.
  1. Select
    Workflows
    Devices
    Claimed Devices
    .
  2. Select the ION device to export the logs to a Syslog server and click
    Configure the device
    .
  3. On the Device Configuration page, select the
    Syslog Export
    .
  4. Click
    Create Syslog Server
    to create a new Syslog Server.
  5. Create a Syslog Exporter from the
    Add Syslog Server
    screen.
    1. Select
      Enable this Syslog Server
      field to enable the Syslog server.
    2. Enter a
      Name
      for the Syslog server.
      This is a mandatory field.
    3. (Optional)
      Enter a
      Description
      for the Syslog server.
    4. (Optional)
      Enter
      Tags
      to enhance the search mechanism while querying common attributes.
      Tags are used for reporting purposes and can help search for Syslog exporters with certain common attributes. For example, you can use the UDP_EXPORTER tag to search for Syslog exporters using UDP Protocol.
    5. Select
      Use Syslog Profile
      to choose an existing syslog profile from the list.
    6. (Optional)
      Enter a
      Source Interface
      for the Syslog server.
      You can now select the associated VRF interface (global or custom).
      If no value is entered for this field, then the controller port is considered as the default source interface.
      A bypass pair cannot be considered as a source interface.
    7. Select a syslog profile from the
      Syslog Profile
      list.
    8. Select
      Custom Configuration
      to override all the created syslog profiles.
      You can either choose
      Use Syslog Profile
      or
      Custom Configuration
      . Selecting one of them is mandatory.
      The
      Prefill values from a preset Syslog Profile?
      allows to create or choosing a profile to prefill values from the existing syslog profile list and make changes if required.
    9. Select
      Enable Flow Logging
      to export flow logs to the Syslog server.
    10. Select the
      Severity Level
      from a severity level of
      critical
      ,
      major
      , or
      minor
      .
      When a severity level is set for a device, logs and events for the selected severity level and a higher level are exported to the Syslog profile.
    11. Select the protocol type as
      TCP
      , or
      UDP
      , or
      TLS
      for the
      Protocol
      field.
      The default protocol is UDP.
      If you select TLS as the protocol type, the
      Import Certificate
      option is enabled. Click
      Import Certificate
      to upload the certificate.
      Click
      View Certificate
      to view the selected certificate and
      Clear
      to remove the certificate.
      Beginning with Release 6.2.1, ION devices utilize OpenSSL 1.1.1g. As a result, certificates generated using older OpenSSL versions (1.0.x) may not work due to deprecated or unsupported algorithms. To ensure successful TLS connections with ION devices, it is recommended to use newer software stacks such as OpenSSL 1.1.1, Ubuntu 18.x, or certtool from the GnuTLS package on Syslog collector machines.
      Note that ION devices will no longer support OpenSSL 1.0.x as of Release 6.2.1.
      • Syslog connection fails if Self Signed certificate is uploaded.
      • If the FQDN server selects as a server, FQDN should match the subject alternate name (SAN) in the peer certificate.
      • Prisma SD-WAN
        supports only TLS version 1.2.
    12. If you select
      Server IP
      , enter the Syslog Server IP address. Or, if you choose
      Server FQDN
      (fully qualified domain name), enter the Syslog Server FQDN domain name.
      This field is mandatory. You must provide either a Server IP address or an Server FQDN address.
    13. Enter the Syslog Server port number in the
      Server Port
      field.
      The default port is 514 for TCP or UDP and 6514 for TLS.
  6. Click
    Save
    to save the Syslog export configuration.

Recommended For You