Focus

Configure Syslog Profiles

Table of Contents

Filter

Expand All | Collapse All

Prisma SD-WAN Docs

Administration
Deployment
Incidents & Alerts
CloudBlades
Version
- AWS Transit Gateway
- Azure vWAN
- Azure vWAN with vION
- ChatBot for MS Teams
- ChatBot for Slack
- CloudBlades Integration with Prisma Access
- GCP NCC
- Service Now
- Zoom QSS
- Zscaler Internet Access
Reference
Release Notes
Version
- ION 5.2
- ION 5.3
- ION 5.4
- ION 5.5
- ION 5.6
- ION 6.0
- ION 6.1
- ION 6.2
- ION 6.3
- ION 6.4
- New Features Guide
- On-Premises Controller
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
- Prisma SD-WAN CloudBlades

Configure Local Prefixes

Prisma SD-WAN Stacked Security Policies

Configure Syslog Profiles

Learn more about creating and configuring syslog profiles in Prisma SD-WAN.

Where Can I Use This?	What Do I Need?
Prisma SD-WAN	Active Prisma SD-WAN license

Prisma SD-WAN allows to use the same syslog profile configurations across multiple devices. Create a Syslog Profile from the Prisma SD-WAN web interface for forwarding the Log Collector logs as syslog messages to a syslog server. ION device supports syslog RFC 5424 format for all the protocols.

Syslog message format is structured as follows:

Syslog message format

ION_HOST="hostname" DEVICE_TIME="timestamp" MSG="pam-session-opened by (uid=0)" SEVERITY="minor" PROCESS_NAME="sshd" FACILITY="authpriv" USER="elem-admin" ELEMENT_ID="id"

Select ManageResourcesConfiguration Profiles and click Syslog.
To add a Syslog profile, click Create Syslog Profile.
1. Enter a Name for the Syslog profile.
  This is a mandatory field.
2. (Optional) Enter a Description for the Syslog profile.
3. (Optional) Enter Tags to enhance the search mechanism while querying common attributes.
  Tags are used for reporting purposes and can help search for Syslog profiles with specific common attributes. For example, you can use the UDP_EXPORTER tag to search for Syslog profiles using UDP Protocol.
4. Select Enable Flow Logging to export flow logs to the Syslog profile.
5. Select the Severity Level from a severity level of Critical, Major, or Minor.
  When a severity level is set for a device, logs and events for the selected severity level and a higher level are exported to the Syslog profile.
6. Select the protocol type as TCP, or UDP, or TLS for the Protocol field.
  The default protocol is UDP.
  If you select TLS as the protocol type, the Import Certificate option specifies the certificate file.
  Click View Certificate to view the selected certificate and Clear to remove the certificate.
  
  Syslog connection fails if Self Signed certificate is uploaded.
  If the FQDN server selects as a server, FQDN should match the subject alternate name (SAN) in the peer certificate.
  Prisma SD-WAN supports only TLS version1.2.
7. If you select Server IP, enter the Syslog Server IP address. Or, if you choose Server FQDN (fully qualified domain name), enter the Syslog Server FQDN domain name.
  This field is mandatory. You must provide either a Server IP address or a Server FQDN address.
8. Enter the Syslog Server port number in the Server Port field.
  The default port is 514 for TCP or UDP and 6514 for TLS.
9. Click Save to save the Syslog profile configuration.
To edit the existing syslog profiles, click the ellipsis and Edit.
To clone the existing syslog profile, click Clone to add a new cloned syslog profile.
To delete a syslog profile, click Delete.
Click Save to save the Syslog profile configuration.