Splunk® Enterprise

Add Palo Alto Networks data: Single instance

Acrobat logo Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Acrobat logo Download topic as PDF

Configure system logging on your Palo Alto Networks devices

To configure your Palo Alto Networks devices to capture event fields and send security-related log information over TCP or UDP to a server running a syslog server, complete the following tasks:

  1. Create a syslog server profile. Use the port number to point your Palo Alto Networks deployment to the port that is listening on the syslog server. The default port number is 514.
  2. Apply syslog profile to relevant data types.
  3. Verify that your syslog server is able to connect to your Palo Alto Networks device.
  4. Configure your Palo Alto Networks device to use syslog server profile for log forwarding rules.
  5. Confirm that your Palo Alto Networks device is able to reach the syslog server using the assigned port number.
Last modified on 22 September, 2018
Configure a syslog-ng server to send Palo Alto Networks data to your Splunk Enterprise deployment
Enable a receiver on your Splunk Enterprise instance

This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters