PaloAlto Logging Integration

Before begin to configure the Logsign system, we need to setup PaloAlto properly.

1. Login your PaloAlto system. Then, go to "Server Profiles" and click on "Syslog" :
 
 

2. Click on "Add" then provide the following information :

  • Name : Give it a "Syslog Server" name.

  • Server : Enter the IP address of the remote Syslog server.

  • Port : "514".

  • Facility : "LOG_USER".

 

 

3. Now to go "Objects" → "Logon" and click on "Log Forwarding" :

4. Make sure that "Syslog Server Profile" is added on the "Threat Settings section" and "informational" is added under the severity rows :

Logsign Configuration :

Now, we are going to configure Logsign to collect the log files from the remote Syslog server.

1. Go to "Settings" → "Device List" and click on "Add new source" :

2. Select "SYSLOG" :

 

3. Select "PaloAlto"

 

4. Provide the following information :

  • IP : The IP address of the remote Syslog server.

  • Description : "Palo Alto"

  • Tag : "Palo Alto"

Have more questions? Submit a request

Comments