Configure system logging on your Palo Alto Networks devices
To configure your Palo Alto Networks devices to capture event fields and send security-related log information over TCP or UDP to a host running a syslog server, complete the following tasks:
- Create a syslog server profile. Use the port number to point your Palo Alto Networks deployment to the port that is listening on the syslog server. The default port number is 514.
- Apply the syslog profile to the relevant data types.
- Verify that your syslog server is able to connect to your Palo Alto Networks device.
- Configure your Palo Alto Networks device to use the syslog server profile for log forwarding rules.
- Confirm that your Palo Alto Networks device is able to reach the syslog server using the assigned port number.
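One way to carry out the two connectivity checks above, as an added example that is not part of the Splunk or Palo Alto Networks documentation: a one-shot listener for the syslog host and a probe for a host on the firewall's network. The function names, the loopback address and the test message are constructed for illustration.

```python
import socket

# Constructed RFC 3164-style test line; PRI 14 = facility user(1)*8 + severity info(6).
TEST_MSG = b"<14>Jan  1 00:00:00 pa-test reachability: syslog path check"

def open_listener(proto, host="127.0.0.1", port=0, timeout=3.0):
    """Bind a one-shot TCP or UDP listener (port 0 = let the OS pick a free port)."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    srv = socket.socket(socket.AF_INET, kind)
    srv.bind((host, port))
    if proto == "tcp":
        srv.listen(1)
    srv.settimeout(timeout)
    return srv

def receive_one(srv, proto):
    """Return (sender_ip, payload) for the first message, then close the listener."""
    try:
        if proto == "tcp":
            conn, addr = srv.accept()
            with conn:
                conn.settimeout(3.0)
                data = conn.recv(4096)
        else:
            data, addr = srv.recvfrom(4096)
        return addr[0], data
    finally:
        srv.close()

def probe_tcp(host, port, payload=TEST_MSG, timeout=3.0):
    """True only if the TCP handshake completes, i.e. something is listening."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload + b"\n")
        return True
    except OSError:
        return False

def probe_udp(host, port, payload=TEST_MSG):
    """True if the datagram left this host. UDP has no handshake, so this says
    nothing about delivery; confirm receipt on the syslog server itself."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (host, port)) == len(payload)

if __name__ == "__main__":
    for proto, probe in (("tcp", probe_tcp), ("udp", probe_udp)):
        srv = open_listener(proto)
        port = srv.getsockname()[1]
        print(proto, "sent:", probe("127.0.0.1", port), "received:", receive_one(srv, proto))
```

With UDP a successful send does not prove delivery, so treat the sender address reported by the listener on the syslog host as the evidence that the path and port are open.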
This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8