How to Forward Threat Logs to Syslog Server


Created On 09/25/18 17:27 PM - Last Modified 06/08/23 07:21 AM


Forwarding threat logs to a syslog server requires three configuration steps, followed by a commit:

  1. Create a syslog server profile
  2. Configure the log forwarding profile to select the threat logs to be forwarded to the syslog server
  3. Use the log forwarding profile in the security rules
  4. Commit the changes


Note: Informational threat logs also include URL, Data Filtering and WildFire logs.


Syslog server profile

Go to Device > Server Profiles > Syslog

  • Name: Name of the syslog server
  • Server: IP address of the server to which the logs will be forwarded
  • Port: Default port 514
  • Facility: To be selected from the drop-down according to the requirements



Log forwarding profile

Go to Objects > Log forwarding

Create the syslog server profile for forwarding threat logs to the configured server.

Add a Log Forwarding Match List to the profile.

Add the syslog server and select a desired filter (if any).

Use the filter builder to add more filtering parameters for the logs to be forwarded.


Once configured, the log forwarding profile should look like the following:

[Screenshot: log forwarding profile list]


Security Rule

Go to Policies > Security Rule

Select the rule for which the log forwarding needs to be applied. Apply the security profiles to the rule.

Go to Actions > Log forwarding and select the log forwarding profile from the drop-down list.



Commit the configuration
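After the commit, the receiving side can be checked for the expected facility and log type. The following is an added example, not Palo Alto Networks code: it decodes the syslog PRI header and confirms that only threat logs arrive, counting them by subtype. Assumptions: UDP transport, a BSD syslog header followed by the firewall's comma-separated record with log type and subtype in the fourth and fifth fields, the LOG_* facility names, and a hypothetical test port 5514.

```python
import csv
import socket

# Syslog facility codes (RFC 3164) for the Facility drop-down values;
# the LOG_* names are assumed to match what the profile offers.
FACILITIES = {1: "LOG_USER", **{16 + n: f"LOG_LOCAL{n}" for n in range(8)}}

# Constructed sample datagrams, truncated after the subtype field.
SAMPLES = [
    b"<14>Jun  8 07:21:00 fw01 1,2023/06/08 07:21:00,000000000001,THREAT,vulnerability,",
    b"<14>Jun  8 07:21:02 fw01 1,2023/06/08 07:21:02,000000000001,THREAT,url,",
    b"<14>Jun  8 07:21:03 fw01 1,2023/06/08 07:21:03,000000000001,TRAFFIC,end,",
]

def parse_forwarded(datagram):
    """Decode the facility and the log type/subtype of one forwarded log."""
    text = datagram.decode("utf-8", errors="replace").strip()
    if not text.startswith("<") or ">" not in text[:5]:
        raise ValueError("missing syslog PRI header")
    pri, rest = text[1:].split(">", 1)
    pri = int(pri)  # PRI = facility * 8 + severity
    fields = next(csv.reader([rest]))
    if len(fields) < 5:
        raise ValueError("too few CSV fields for a firewall log")
    return {"facility": FACILITIES.get(pri >> 3, str(pri >> 3)),
            "type": fields[3], "subtype": fields[4]}  # assumed field positions

def check(datagrams, expected_facility):
    """Return ({threat subtype: count}, [problems]) for a batch of datagrams."""
    subtypes, problems = {}, []
    for n, datagram in enumerate(datagrams, 1):
        try:
            rec = parse_forwarded(datagram)
        except ValueError as err:
            problems.append(f"record {n}: {err}")
            continue
        if rec["facility"] != expected_facility:
            problems.append(f"record {n}: facility {rec['facility']}, expected {expected_facility}")
        if rec["type"] != "THREAT":
            problems.append(f"record {n}: type {rec['type']}, expected THREAT")
        else:
            subtypes[rec["subtype"]] = subtypes.get(rec["subtype"], 0) + 1
    return subtypes, problems

def listen(port=5514, count=10):
    """Collect `count` datagrams on a test UDP port (514 needs privileges)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        return [s.recvfrom(65535)[0] for _ in range(count)]
```

Run `check(listen(), "LOG_USER")` on a test host with the facility chosen in the syslog server profile; a non-THREAT record or an unexpected facility points at the match list or the server profile respectively.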

