Configure A Palo Alto Firewall To Send Syslog To AIS Managed SIEM
1. Add a new syslog server profile:
Name: AIS_SIEM
Server: syslog.aislabs.com
Transport: UDP
Port: !!Provided in email!!
Format: BSD
Facility: LOG_USER
2. Configure syslog forwarding for Traffic, Threat, and WildFire Submission logs
a. Select Objects > Log Forwarding, click Add, and enter “AIS_FORWARDING” to identify the profile.
b. For each log type, each severity level, or WildFire verdict, select the “AIS_FORWARDING” Syslog server profile and click OK.
c. Assign the “AIS_FORWARDING” log forwarding profile to all of the security rules
3. To forward logs for a specific security policy / firewall rule:
a. Select Policies > Security
b. Click the policy in which you want to configure log forwarding
c. Select Actions
d. Select the profile to forward the logs to in the Log Forwarding dropdown list
e. Click OK
4. Configure syslog forwarding for System, Config, HIP Match, and Correlation logs
a. Select Device > Log Settings
b. For System and Correlation logs, click each Severity level, select the AIS_SIEM profile, and click OK.
c. For Config, HIP Match, and Correlation logs, click the Edit icon, select the AIS_SIEM profile, and click OK.
5. Commit the changes
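To check the result after the commit, the following added example (not part of the original article and not AIS or Palo Alto code) audits syslog datagrams captured on a test collector: it confirms BSD framing and the LOG_USER facility from step 1 and counts which log types are arriving. It assumes the default PAN-OS comma-separated layout with the log type in the fourth field; the sample datagrams are constructed.

```python
import re
from collections import Counter

# RFC 3164 (BSD) framing: <PRI>Mmm dd hh:mm:ss HOST MSG
BSD_RE = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) (.*)$", re.S)
LOG_USER = 1  # facility code for LOG_USER, as set in the AIS_SIEM profile

def parse_bsd(datagram: bytes):
    """Return a dict for a well-formed BSD syslog datagram, else None."""
    m = BSD_RE.match(datagram.decode("utf-8", errors="replace").rstrip("\r\n"))
    if not m or int(m.group(1)) > 191:  # PRI = facility * 8 + severity, max 191
        return None
    pri = int(m.group(1))
    fields = m.group(4).split(",")
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "host": m.group(3),
        # Assumption: default PAN-OS CSV layout, log type in the 4th field.
        "log_type": fields[3].strip() if len(fields) > 3 else None,
    }

def audit(datagrams):
    """Count log types seen; collect datagrams that do not match the profile."""
    seen, problems = Counter(), []
    for raw in datagrams:
        rec = parse_bsd(raw)
        if rec is None:
            problems.append(("not BSD format", raw))
        elif rec["facility"] != LOG_USER:
            problems.append((f"facility {rec['facility']}, expected {LOG_USER}", raw))
        else:
            seen[rec["log_type"]] += 1
    return seen, problems

# Constructed sample datagrams (not captured from a real firewall).
SAMPLES = [
    b"<14>Apr 15 10:01:02 fw01 1,2021/04/15 10:01:02,000000000000,TRAFFIC,end,rest",
    b"<12>Apr 15 10:01:05 fw01 1,2021/04/15 10:01:05,000000000000,THREAT,url,rest",
    b"<14>Apr 15 10:01:09 fw01 1,2021/04/15 10:01:09,000000000000,SYSTEM,general,rest",
    b"<134>Apr 15 10:01:11 fw01 1,2021/04/15 10:01:11,000000000000,CONFIG,0,rest",
    b"<14>1 2021-04-15T10:01:12Z fw01 - - - - IETF framing, not BSD",
]

if __name__ == "__main__":
    seen, problems = audit(SAMPLES)
    print("log types received:", dict(seen))
    for reason, raw in problems:
        print("MISMATCH:", reason, "|", raw[:60])
```

A log type from steps 2 and 4 that never appears in the counts, or any mismatch line, points to a forwarding profile that was not assigned or a server profile setting that differs from step 1.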
Last modified
April 15, 2021