Network technologies and trends

Jan 20 2016   5:21AM GMT

How to configure log forwarding in Palo Alto Networks Firewall? – Series 1

Yasir Irfan

We all know the importance of having historical logs for reference or forensic analysis. I have personally benefited from historical records for various reasons, and it is good practice to forward all of your firewall's logs to a logging server. The logging server could be as simple as a syslog server, Palo Alto Panorama, or a SIEM solution such as ArcSight or QRadar. We also know that firewalls cannot hold logs for a long time: once the log buffer is full, the firewall loses the old logs. However, I have noticed that, compared to their competitors, Palo Alto Networks firewalls do possess a good amount of logging space.

In this post, let's see how we can configure Palo Alto Networks firewalls to forward all the logs they generate to a logging server.

Step 1 – Add the Syslog Server

Device > Server Setting > Syslog > Add

Log forwarding 1

Step 2 – Configure the Syslog Server Profile

  1. Name: provide a valid name for the profile
  2. Click the Add button
  3. Provide a valid name for the Syslog server
  4. Assign the IP address as shown below
  5. By default, the Syslog server listens on UDP port 514; if you are using a custom port, you can modify it

If you need to add multiple Syslog servers, repeat steps 2 to 5 for each one.

Log forwarding 2

Step 3 – Create a Log Forwarding Profile

Objects > Log Forwarding > Add

In this step we are going to create a log forwarding profile, which can then be applied to Security rules to forward their logs.

Log forwarding 3
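
A receiver-side check for the Syslog server configured in Step 2, added here as an example and not part of the original post: a small Python listener that accepts datagrams on UDP port 514, decodes the syslog priority header and reports the log type. The sample line, the hostname `fw01`, the placeholder address and the assumption that the firewall sends its default comma-separated format with the log type in the fourth field are assumptions of this example.

```python
import socket

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample datagram (hostname, serial and fields are made up).
SAMPLE = b"<14>Jan 20 05:21:00 fw01 1,2016/01/20 05:21:00,000000000000,TRAFFIC,end"


def parse_syslog(datagram: bytes) -> dict:
    """Decode the <PRI> header of one syslog datagram and pick out the log type."""
    text = datagram.decode("utf-8", errors="replace").strip()
    if not text.startswith("<") or ">" not in text[:5]:
        raise ValueError("missing <PRI> header")
    pri_str, body = text[1:].split(">", 1)
    if not pri_str.isdigit() or int(pri_str) > 191:
        raise ValueError("invalid PRI value")
    pri = int(pri_str)
    # Assumption: default comma-separated firewall format, log type in field 4.
    fields = body.split(",")
    return {
        "facility": pri >> 3,
        "severity": SEVERITIES[pri & 7],
        "log_type": fields[3] if len(fields) > 3 else None,
        "body": body,
    }


def listen(port=514, expected_source=None, count=5):
    """Collect `count` parsed datagrams, optionally only from one sender."""
    records = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))  # ports below 1024 need elevated privileges
        while len(records) < count:
            data, (src_ip, _) = sock.recvfrom(65535)
            # Source filtering is a sanity check only; UDP senders can be spoofed.
            if expected_source and src_ip != expected_source:
                continue
            try:
                records.append({"source": src_ip, **parse_syslog(data)})
            except ValueError:
                continue  # not syslog; ignore
    return records


if __name__ == "__main__":
    print(parse_syslog(SAMPLE))
    # listen(expected_source="192.0.2.1")  # placeholder firewall address
```

If nothing arrives while the firewall is generating traffic, check the server IP and port in the Syslog Server Profile and any filtering between the firewall and the logging server.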

To be continued…….
