Configure Syslog Profiles

Learn more about creating and configuring syslog profiles in Prisma SD-WAN.
Prisma SD-WAN lets you use the same syslog profile configuration across multiple devices. Create a Syslog Profile from the Prisma SD-WAN web interface to forward the Log Collector logs as syslog messages to a syslog server. ION devices support the syslog RFC 5424 format for all protocols.
The syslog message is structured as follows:
  • Syslog message format
    ION_HOST="hostname" DEVICE_TIME="timestamp" MSG="pam-session-opened by (uid=0)" SEVERITY="minor" PROCESS_NAME="sshd" FACILITY="authpriv" USER="elem-admin" ELEMENT_ID="id"
  1. Select Policies > Stacked Policies and click Syslog Profiles.
  2. To add a Syslog profile, click Create Syslog Profile.
    1. Enter a Name for the Syslog profile.
      This is a mandatory field.
    2. (Optional) Enter a Description for the Syslog profile.
    3. (Optional) Enter Tags to enhance the search mechanism while querying common attributes.
      Tags are used for reporting purposes and can help search for Syslog profiles with specific common attributes. For example, you can use the UDP_EXPORTER tag to search for Syslog profiles using UDP Protocol.
    4. Select Enable Flow Logging to export flow logs to the Syslog profile.
    5. Select the Severity Level: Critical, Major, or Minor.
      When a severity level is set for a device, logs and events at the selected severity level and higher are exported to the Syslog profile.
    6. In the Protocol field, select TCP, UDP, or TLS as the protocol type.
      The default protocol is UDP.
      If you select TLS as the protocol type, use the Import Certificate option to specify the certificate file.
      Click View Certificate to view the selected certificate and Clear to remove the certificate.
      • The syslog connection fails if a self-signed certificate is uploaded.
      • If the server is specified by FQDN, the FQDN should match the subject alternative name (SAN) in the peer certificate.
      • Prisma SD-WAN supports only TLS version 1.2.
    7. If you select Server IP, enter the Syslog Server IP address. If you choose Server FQDN (fully qualified domain name), enter the Syslog Server FQDN.
      This field is mandatory. You must provide either a Server IP address or a Server FQDN.
    8. Enter the Syslog Server port number in the Server Port field.
      The default port is 514 for TCP or UDP and 6514 for TLS.
    9. Click Save to save the Syslog profile configuration.
  3. To edit an existing syslog profile, click the ellipsis and select Edit.
    • To clone an existing syslog profile, click Clone to add a new cloned syslog profile.
    • To delete a syslog profile, click Delete.
  4. Click Save to save the Syslog profile configuration.
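
The message format and the Severity Level behavior described above, shown as an added collector-side example (not Palo Alto Networks code): it parses the KEY="value" fields of received lines and keeps messages at or above a chosen severity, setting aside any with an unrecognized severity for review. The sample lines and all their values are constructed, and the parser assumes values never contain a double quote.

```python
import re

# Rank of the three Severity Level choices named in the profile (higher = more severe).
SEVERITY_RANK = {"minor": 1, "major": 2, "critical": 3}

# Matches KEY="value" pairs. Assumption: values never contain a double quote.
PAIR_RE = re.compile(r'\b([A-Z][A-Z_]*)="([^"]*)"')


def parse_ion_payload(line):
    """Return the KEY="value" fields found in one received line as a dict."""
    return dict(PAIR_RE.findall(line))


def filter_by_severity(lines, threshold):
    """Split lines into (kept, unknown).

    kept    -- parsed messages at the threshold severity or higher
    unknown -- parsed messages with a missing or unrecognized SEVERITY,
               returned separately so they are reviewed rather than dropped
    """
    floor = SEVERITY_RANK[threshold.lower()]
    kept, unknown = [], []
    for line in lines:
        fields = parse_ion_payload(line)
        rank = SEVERITY_RANK.get(fields.get("SEVERITY", "").lower())
        if rank is None:
            unknown.append(fields)
        elif rank >= floor:
            kept.append(fields)
    return kept, unknown


# Constructed sample input: hostnames, timestamps, element IDs and the last
# three MSG values are made up for this example.
SAMPLE_LINES = [
    'ION_HOST="branch-ion-01" DEVICE_TIME="2024-01-01T10:00:00Z" MSG="pam-session-opened by (uid=0)" '
    'SEVERITY="minor" PROCESS_NAME="sshd" FACILITY="authpriv" USER="elem-admin" ELEMENT_ID="1001"',
    'ION_HOST="branch-ion-01" DEVICE_TIME="2024-01-01T10:05:00Z" MSG="constructed major event" '
    'SEVERITY="major" PROCESS_NAME="example" FACILITY="daemon" ELEMENT_ID="1001"',
    'ION_HOST="branch-ion-02" DEVICE_TIME="2024-01-01T10:06:00Z" MSG="constructed critical event" '
    'SEVERITY="critical" PROCESS_NAME="example" FACILITY="daemon" ELEMENT_ID="1002"',
    'ION_HOST="branch-ion-02" DEVICE_TIME="2024-01-01T10:07:00Z" MSG="constructed event" '
    'SEVERITY="unlisted" PROCESS_NAME="example" FACILITY="daemon" ELEMENT_ID="1002"',
]

if __name__ == "__main__":
    kept, unknown = filter_by_severity(SAMPLE_LINES, "major")
    for f in kept:
        print(f["DEVICE_TIME"], f["ION_HOST"], f["SEVERITY"], f["MSG"])
    print("unrecognized severity:", len(unknown))
```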
