Configure system logging on your Palo Alto Networks devices
To configure your Palo Alto Networks devices to capture event fields and send security-related log information over TCP or UDP to a syslog server, complete the following tasks:
- Create a syslog server profile. Set the profile's port number to the port on which the syslog server is listening. The default port number is 514.
- Apply the syslog server profile to the relevant data types.
- Verify that your syslog server is able to connect to your Palo Alto Networks device.
- Configure your Palo Alto Networks device to use the syslog server profile for log forwarding rules.
- Confirm that your Palo Alto Networks device is able to reach the syslog server using the assigned port number.
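
One way to carry out the last check from the syslog server side, as an added example that is not part of the Splunk or Palo Alto Networks documentation: a temporary listener that waits for one message on the assigned port and reports the address it came from. The function names and the test message are assumptions made for this example.

```python
import socket

DEFAULT_PORT = 514  # default syslog port named on this page


def wait_for_message(proto, port=DEFAULT_PORT, bind_addr="0.0.0.0",
                     timeout=30.0, ready=None):
    """Listen once on proto/port; return (source_ip, text) or None on timeout."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.settimeout(timeout)
        srv.bind((bind_addr, port))
        if proto == "tcp":
            srv.listen(1)
        if ready is not None:
            ready.set()  # signal a waiting caller that the port is open
        try:
            if proto == "tcp":
                conn, peer = srv.accept()
                with conn:
                    conn.settimeout(timeout)
                    data = conn.recv(8192)
            else:
                data, peer = srv.recvfrom(8192)
        except socket.timeout:
            return None
    return peer[0], data.decode("utf-8", "replace").strip()


def send_test_message(host, proto, port=DEFAULT_PORT,
                      text="<14>syslog-path-test: constructed test message"):
    """Send one constructed syslog line (PRI 14 = user.info)."""
    payload = (text + "\n").encode()
    if proto == "tcp":
        # A TCP connect failure raises, so an unreachable port is visible.
        with socket.create_connection((host, port), timeout=5) as s:
            s.sendall(payload)
    else:
        # UDP has no acknowledgement: a clean return does not prove delivery.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(payload, (host, port))


if __name__ == "__main__":
    # Stop syslog-ng first so the port is free; binding below 1024 needs root.
    for proto in ("udp", "tcp"):
        print(proto, wait_for_message(proto) or "no message within timeout")
```

Because a UDP sender gets no acknowledgement, delivery over UDP can only be confirmed on the receiving side, which is why the check listens rather than sends.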
This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10