
Configure a Palo Alto Networks firewall to forward syslogs

  1. To configure a syslog server profile in your PAN user interface, select Device > Server Profiles > Syslog.
  2. Click Add, input a Name for your server profile, then select a Location where the profile is available: virtual system (vsys) or Shared.
  3. Click Add, then specify the following details:
    • Name: LogForwardActZero
    • Syslog Server: the internal IP of the ActZero VM
    • Transport: UDP
    • Port: 514
    • Format: BSD
    • Facility: LOG_USER
  4. Click OK to save.
  5. To configure the firewall to forward logs, select Objects > Log Forwarding, then click Add and input a name for the log forwarding profile.
  6. For each log type, select the syslog server profile you created above, then click OK.
  7. To trigger the firewall to generate and forward logs, assign the log forwarding profile to a security policy. From Policies > Security, select a policy rule. In the Actions tab, select the log forwarding profile you created.
  8. For profile type, use the drop-down to select Profile or Group, then select the security profiles that trigger the firewall to generate logs.
  9. For traffic logs, check the box for Log at Session End, then click OK.
  10. To forward system and correlation logs, select Device > Log Settings. Click each Severity level, select the syslog server profile you created, then click OK.
  11. Click Commit to save all your changes.

Refer to the Palo Alto Networks documentation for further detail.
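To confirm after the commit that what reaches the collector matches the profile above (BSD format, facility LOG_USER) and that each log type is being forwarded, the datagrams can be checked as in the following added example, which is not part of the original documentation or of any vendor tooling. It assumes the default PAN-OS comma-separated log layout (no custom log format); the sample datagrams and the host name PA-VM are constructed.

```python
import csv
import re
from collections import Counter

# RFC 3164 (BSD) layout: <PRI>Mmm dd hh:mm:ss HOSTNAME MESSAGE
BSD_RE = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) (.*)$", re.S)
LOG_USER = 1  # syslog facility code for LOG_USER

def parse_bsd(datagram: bytes):
    """Parse one datagram; return None if it is not BSD-format syslog."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n")
    m = BSD_RE.match(text)
    if not m or int(m.group(1)) > 191:  # PRI = facility * 8 + severity
        return None
    pri = int(m.group(1))
    fields = next(csv.reader([m.group(4)]), [])
    has_csv = len(fields) > 4
    # Assumption: default PAN-OS CSV layout, field 4 = type, field 5 = subtype.
    return {"facility": pri >> 3, "severity": pri & 7, "host": m.group(3),
            "type": fields[3] if has_csv else None,
            "subtype": fields[4] if has_csv else None}

def check_forwarding(datagrams):
    """Count (type, subtype) pairs seen and list datagrams that look wrong."""
    seen, problems = Counter(), []
    for i, raw in enumerate(datagrams):
        rec = parse_bsd(raw)
        if rec is None:
            problems.append((i, "not BSD format"))
        elif rec["facility"] != LOG_USER:
            problems.append((i, f"facility {rec['facility']}, expected LOG_USER"))
        elif rec["type"] is None:
            problems.append((i, "no PAN-OS CSV payload"))
        else:
            seen[(rec["type"], rec["subtype"])] += 1
    return seen, problems

# Constructed sample datagrams (not captured from a real firewall).
SAMPLES = [
    b"<14>Apr  8 10:15:02 PA-VM 1,2024/04/08 10:15:02,000000000000,TRAFFIC,end,0",
    b"<12>Apr  8 10:15:07 PA-VM 1,2024/04/08 10:15:07,000000000000,THREAT,url,0",
    b"<134>Apr  8 10:16:00 PA-VM 1,2024/04/08 10:16:00,000000000000,SYSTEM,general,0",
    b"<14>1 2024-04-08T10:16:30Z PA-VM - - - - 1,2024/04/08 10:16:30,0,SYSTEM,general,0",
]

if __name__ == "__main__":
    seen, problems = check_forwarding(SAMPLES)
    print(dict(seen))
    print(problems)
```

A TRAFFIC entry with subtype `end` corresponds to the Log at Session End setting; a log type missing from the counts points to a log forwarding profile or Log Settings entry that was not assigned.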

