Configure Syslog Server Support

Learn more about the Prisma SD-WAN syslog server support configuration.
Prisma SD-WAN allows to configure the Syslog Server Support. From release 5.6.1, you can create or attach a Syslog Profile from the Prisma SD-WAN web interface for forwarding the Log Collector logs as syslog messages to a syslog server.
  1. Select
    Map
    Claimed Devices
    on the Prisma SD-WAN web interface.
  2. Select the ION device to export the logs to a Syslog server and click
    Configure the device
    .
  3. On the Device Configuration page, select the
    Syslog Export
    .
  4. Click
    Create Syslog Server
    to create a new Syslog Server.
  5. Create a Syslog Exporter from the
    Add Syslog Server
    screen.
    1. Select
      Enable this Syslog Server
      field to enable the Syslog server.
    2. Enter a
      Name
      for the Syslog server.
      This is a mandatory field.
    3. (Optional)
      Enter a
      Description
      for the Syslog server.
    4. (Optional)
      Enter
      Tags
      to enhance the search mechanism while querying common attributes.
      Tags are used for reporting purposes and can help search for Syslog exporters with certain common attributes. For example, you can use the UDP_EXPORTER tag to search for Syslog exporters using UDP Protocol.
    5. Select
      Use Syslog Profile
      to choose an existing syslog profile from the list.
    6. (Optional)
      Enter a
      Source Interface
      for the S yslog server.
      If no value is entered for this field, then the controller port is considered as the default source interface.
      A bypass pair cannot be considered as a source interface.
    7. Select a syslog profile from the
      Syslog Profile
      list.
    8. Select
      Custom Configuration
      to override all the created syslog profiles.
      You can either choose
      Use Syslog Profile
      or
      Custom Configuration
      . Selecting one of them is mandatory.
      The
      Prefill values from a preset Syslog Profile?
      allows to create or choosing a profile to prefill values from the existing syslog profile list and make changes if required.
    9. Select
      Enable Flow Logging
      to export flow logs to the Syslog server.
    10. Select the
      Severity Level
      from a severity level of
      critical
      ,
      major
      , or
      minor
      .
      When a severity level is set for a device, logs and events for the selected severity level and a higher level are exported to the Syslog profile.
    11. Select the protocol type as
      TCP
      , or
      UDP
      , or
      TLS
      for the
      Protocol
      field.
      The default protocol is UDP.
      If you select TLS as the protocol type, the
      Import Certificate
      option specifies the certificate file.
      Click
      View Certificate
      to view the selected certificate and
      Clear
      to remove the certificate.
      • Syslog connection fails if Self Signed certificate is uploaded.
      • If the FQDN server selects as a server, FQDN should match the subject alternate name (SAN) in the peer certificate.
      • Prisma SD-WAN supports only TLS version1.2.
    12. If you select
      Server IP
      , enter the Syslog Server IP address. Or, if you choose
      Server FQDN
      (fully qualified domain name), enter the Syslog Server FQDN domain name.
      This field is mandatory. You must provide either a Server IP address or an Server FQDN address.
    13. Enter the Syslog Server port number in the
      Server Port
      field.
      The default port is 514 for TCP or UDP and 6514 for TLS.
  6. Click
    Save
    to save the Syslog export configuration.

Recommended For You