Configure Syslog Server Support

Learn more about the Prisma SD-WAN syslog server support configuration.
Prisma SD-WAN allows to configure the Syslog Server Support. From release 5.6.1, you can create or attach a Syslog Profile from the Prisma SD-WAN web interface for forwarding the Log Collector logs as syslog messages to a syslog server.
  1. Select
    Claimed Devices
    on the Prisma SD-WAN web interface.
  2. Select the ION device to export the logs to a Syslog server and click
    Configure the device
  3. On the Device Configuration page, select the
    Syslog Export
  4. Click
    Create Syslog Server
    to create a new Syslog Server.
  5. Create a Syslog Exporter from the
    Add Syslog Server
    1. Select
      Enable this Syslog Server
      field to enable the Syslog server.
    2. Enter a
      for the Syslog server.
      This is a mandatory field.
    3. (Optional)
      Enter a
      for the Syslog server.
    4. (Optional)
      to enhance the search mechanism while querying common attributes.
      Tags are used for reporting purposes and can help search for Syslog exporters with certain common attributes. For example, you can use the UDP_EXPORTER tag to search for Syslog exporters using UDP Protocol.
    5. Select
      Use Syslog Profile
      to choose an existing syslog profile from the list.
    6. (Optional)
      Enter a
      Source Interface
      for the S yslog server.
      If no value is entered for this field, then the controller port is considered as the default source interface.
      A bypass pair cannot be considered as a source interface.
    7. Select a syslog profile from the
      Syslog Profile
    8. Select
      Custom Configuration
      to override all the created syslog profiles.
      You can either choose
      Use Syslog Profile
      Custom Configuration
      . Selecting one of them is mandatory.
      Prefill values from a preset Syslog Profile?
      allows to create or choosing a profile to prefill values from the existing syslog profile list and make changes if required.
    9. Select
      Enable Flow Logging
      to export flow logs to the Syslog server.
    10. Select the
      Severity Level
      from a severity level of
      , or
      When a severity level is set for a device, logs and events for the selected severity level and a higher level are exported to the Syslog profile.
    11. Select the protocol type as
      , or
      , or
      for the
      The default protocol is UDP.
      If you select TLS as the protocol type, the
      Import Certificate
      option specifies the certificate file.
      View Certificate
      to view the selected certificate and
      to remove the certificate.
      • Syslog connection fails if Self Signed certificate is uploaded.
      • If the FQDN server selects as a server, FQDN should match the subject alternate name (SAN) in the peer certificate.
      • Prisma SD-WAN supports only TLS version1.2.
    12. If you select
      Server IP
      , enter the Syslog Server IP address. Or, if you choose
      Server FQDN
      (fully qualified domain name), enter the Syslog Server FQDN domain name.
      This field is mandatory. You must provide either a Server IP address or an Server FQDN address.
    13. Enter the Syslog Server port number in the
      Server Port
      The default port is 514 for TCP or UDP and 6514 for TLS.
  6. Click
    to save the Syslog export configuration.

Recommended For You