
How to Configure Palo Alto Devices for Syslog Monitoring


If you're looking to send syslog messages from your Palo Alto firewall to your Auvik Collector, you'll need to configure the device to forward logs to the collector. This guide walks you through the process.

Prerequisites

Before you begin, make sure:

  • You have admin access to your Palo Alto firewall.
  • You know the IP address and port of the syslog server (e.g., the Auvik collector).
  • The syslog server is reachable from the firewall.

Define a Syslog Server Profile

  1. Log into the Palo Alto web interface.
  2. Navigate to Device > Server Profiles > Syslog.
  3. Click Add to create a new syslog profile.
  4. Give the profile a Name (e.g., AuvikSyslog).
  5. Under Syslog Servers, click Add and configure:
    • Name: Friendly name (e.g., AuvikCollector)
    • Server: IP address of the syslog server
    • Port: 514 (or your custom syslog port)
    • Transport: UDP (or TCP if configured)
    • Facility: Choose one (e.g., LOG_USER)
  6. Click OK to save.

Create a Log Forwarding Profile

  1. Navigate to Objects > Log Forwarding.
  2. Click Add.
  3. Name the profile (e.g., ForwardToAuvik).
  4. Under each log type tab (e.g., Traffic, Threat, System, Config), click Add and set:
    • Name: e.g., AllLogs
    • Under Forward Method, check Syslog and select the syslog server profile you defined in the previous section (e.g., AuvikSyslog).

Note: If the match list for a log type is filtered by severity, some logs may not reach the collector. No such filter is applied by default.

  5. Click OK.

Apply the Log Forwarding Profile to Security Policies

  1. Navigate to Policies > Security.
  2. Edit each policy where you want logging (e.g., your outbound traffic rule).
  3. In the Actions tab:
    • Under Log Setting, set:
      • Log at Session End to Yes
      • Log Forwarding to the log forwarding profile created in the previous section (ForwardToAuvik)
  4. Click OK and commit your changes.

Commit the Configuration

Click Commit in the top-right corner to apply all your changes to the running config.

Verifying Logs

  • Confirm that logs are arriving at the syslog server.
  • Check the syslog server or Auvik dashboard to verify traffic or threat logs are visible.
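To see what is actually arriving at the collector, here is an added Python example (not part of this article or of Auvik's tooling) that parses PAN-OS BSD-format syslog lines, decodes the facility from the PRI value and reports which log types are present and which expected types never arrived. The sample messages are constructed and truncated, and the field positions assume the PAN-OS default CSV layout (log type in field 4, subtype in field 5).

```python
import re
from collections import Counter

# Constructed sample messages (not real device output), truncated after the first
# few CSV fields. PAN-OS BSD layout: "<PRI>Mon DD HH:MM:SS host 1,receive_time,serial,TYPE,SUBTYPE,..."
SAMPLE_LINES = [
    "<14>Jan 15 10:00:01 pa-fw 1,2024/01/15 10:00:01,012345678901,TRAFFIC,end,2561,2024/01/15 10:00:01,10.1.1.5,203.0.113.20",
    "<14>Jan 15 10:00:02 pa-fw 1,2024/01/15 10:00:02,012345678901,TRAFFIC,start,2562,2024/01/15 10:00:02,10.1.1.9,198.51.100.7",
    "<14>Jan 15 10:00:03 pa-fw 1,2024/01/15 10:00:03,012345678901,THREAT,vulnerability,2563,2024/01/15 10:00:03,10.1.1.7,198.51.100.9",
    "<14>Jan 15 10:00:04 pa-fw 1,2024/01/15 10:00:04,012345678901,SYSTEM,general,0,2024/01/15 10:00:04",
    "not a syslog message at all",
]
LOG_USER = 1  # facility number for LOG_USER, the facility selected in the server profile
SYSLOG_RE = re.compile(r"^<(?P<pri>\d{1,3})>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2} (?P<host>\S+) (?P<body>.*)$")

def parse_panos_syslog(line):
    # Returns the fields worth checking, or None if the line is not a PAN-OS syslog message.
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))              # PRI = facility * 8 + severity
    fields = m.group("body").split(",")
    if len(fields) < 5:
        return None
    return {"host": m.group("host"), "facility": pri >> 3, "severity": pri & 7,
            "serial": fields[2], "type": fields[3], "subtype": fields[4]}

def summarize(lines, expected_types=("TRAFFIC", "THREAT", "SYSTEM", "CONFIG"), expected_facility=LOG_USER):
    # Counts messages per (type, subtype); flags log types that never arrived and facility mismatches,
    # both symptoms of a log forwarding tab that was skipped or a server profile set up differently.
    counts, unparsed, facility_mismatch = Counter(), 0, 0
    for line in lines:
        rec = parse_panos_syslog(line)
        if rec is None:
            unparsed += 1
            continue
        counts[(rec["type"], rec["subtype"])] += 1
        if rec["facility"] != expected_facility:
            facility_mismatch += 1
    seen = {t for t, _ in counts}
    return {"counts": dict(counts), "missing_types": [t for t in expected_types if t not in seen],
            "unparsed": unparsed, "facility_mismatch": facility_mismatch}

if __name__ == "__main__":
    print(summarize(SAMPLE_LINES))
```

Feed it the lines captured on the collector (for example from a packet capture on UDP 514) in place of the constructed samples; a non-empty `missing_types` list points at a log type tab that was never added to the log forwarding profile.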

Troubleshooting

If logs aren’t showing up in Auvik:

  • Confirm the firewall can ping the collector.
  • Make sure the correct port (usually 514 UDP) is open.
  • Double-check the Log Forwarding profile is applied to active rules.