Configure A Palo Alto Firewall To Send Syslog To AIS Managed SIEM

1. Add a new syslog server profile:

Name: AIS_SIEM
Server: syslog.aislabs.com
Transport: UDP
Port: !!Provided in email!!
Format: BSD
Facility: LOG_USER

2. Configure syslog forwarding for Traffic, Threat, and WildFire Submission logs

a. Select Objects > Log Forwarding, click Add, and enter “AIS_FORWARDING” to identify the profile.

b. For each log type, each severity level, or WildFire verdict, select the “AIS_FORWARDING” Syslog server profile and click OK.

c. Assign the “AIS_FORWARDING” log forwarding profile to all of the security rules

3. To forward logs for a specific security policy / firewall rule:

a. Select Policies > Security

b. Click the policy in which you want to configure log forwarding

c. Select Actions

d. Select the profile to forward the logs to in the Log Forwarding dropdown list

e. Click OK

4. Configure syslog forwarding for System, Config, HIP Match, and Correlation logs

a. Select Device > Log Settings

b. For System and Correlation logs, click each Severity level, select the AIS_SIEM profile, and click OK.

c. For Config, HIP Match, and Correlation logs, click the Edit icon, select the AIS_SIEM profile, and click OK.

5. Commit the changes
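
To check the result after the commit, capture a few of the firewall's syslog datagrams and confirm they use BSD framing, the LOG_USER facility, and cover each log type from steps 2 and 4. The script below is an added example, not AIS or Palo Alto Networks code; the PAN-OS Type strings, the field positions, and the sample lines (hostname, serial number, values) are assumptions constructed for illustration.

```python
import re

# BSD (RFC 3164) framing: <PRI>Mmm dd hh:mm:ss HOST MESSAGE
BSD = re.compile(r"^<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) (.*)$")
LOG_USER = 1  # syslog facility code; PRI = facility * 8 + severity
# Assumed PAN-OS Type values for the log types named in steps 2 and 4.
# WildFire Submission logs are assumed to arrive as THREAT, subtype "wildfire".
EXPECTED = {"TRAFFIC", "THREAT", "SYSTEM", "CONFIG", "HIPMATCH", "CORRELATION"}

def parse(line):
    """Return header and log-type fields, or None if the line is not BSD format."""
    m = BSD.match(line.strip())
    if not m or int(m.group(1)) > 191:  # 191 is the highest valid PRI
        return None
    pri, fields = int(m.group(1)), m.group(3).split(",")
    if len(fields) < 5:
        return None
    # Assumed CSV layout: FUTURE_USE, receive time, serial, Type, Subtype, ...
    return {"facility": pri >> 3, "severity": pri & 7, "host": m.group(2),
            "type": fields[3], "subtype": fields[4]}

def audit(lines):
    """Summarise which expected log types arrived with the configured settings."""
    seen, wrong_facility, unparsed = set(), [], 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            unparsed += 1                      # e.g. IETF format selected by mistake
        elif rec["facility"] != LOG_USER:
            wrong_facility.append(rec["type"])  # profile facility is not LOG_USER
        else:
            seen.add(rec["type"])
    return {"seen": seen, "missing": EXPECTED - seen,
            "wrong_facility": wrong_facility, "unparsed": unparsed}

# Constructed sample datagrams; none of these values come from a real device.
SAMPLE = [
    "<14>Apr 15 10:00:01 pa-fw01 1,2021/04/15 10:00:01,001234567890,TRAFFIC,end,2305",
    "<12>Apr 15 10:00:02 pa-fw01 1,2021/04/15 10:00:02,001234567890,THREAT,wildfire,2305",
    "<14>Apr 15 10:00:03 pa-fw01 1,2021/04/15 10:00:03,001234567890,SYSTEM,general,0",
    "<134>Apr 15 10:00:04 pa-fw01 1,2021/04/15 10:00:04,001234567890,CONFIG,0,0",
    "<14>1 2021-04-15T10:00:05Z pa-fw01 - - - - 1,2021/04/15 10:00:05,001234567890,TRAFFIC,end",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-empty `missing` set points at a log type whose forwarding was not assigned in step 2 or step 4; entries in `wrong_facility` or a non-zero `unparsed` count point at the Facility or Format setting in the server profile from step 1.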

AIS Managed SIEM

Cloud-based Security Information and Event Management platform that provides the proactive, preventative maintenance and technology you need to secure your workstations, servers, devices and networks. Multi-Platform Protection for Critical Business-Grade Anti-Virus and Analytics, Enterprise-Grade Anti-Malware Threat Intelligence, Filtering Web Content, Firewall Services, Reviewing firewall rules, Patching the latest vulnerabilities discovered, Inbound and Outbound Email Security.


Last modified April 15, 2021