Forwarding threat logs to a syslog server requires three steps
- Create a syslog server profile
- Configure the log-forwarding profile to select the threat logs to be forwarded to syslog server
- Use the log forwarding profile in the security rules
- Commit the changes
Note: Informational threat logs also include URL, Data Filtering and WildFire logs.
Syslog server profile
Go to Device > Server Profiles > Syslog
- Name: Name of the syslog server
- Server : Server IP address where the logs will be forwarded to
- Port: Default port 514
- Facility: To be elected from the drop down according to the requirements
![syslog server.png syslog server.png](/servlet/rtaImage?eid=ka14u000000c8Rd&feoid=00N0g000003VPSv&refid=0EM0g000001AdVi)
Log forwarding profile
Go to Objects > Log forwarding
Create the syslog server profile for forwarding threat logs to the configured server.
Add a Log Forwarding Match List to the profile
add the syslog server and select a desired (if any) filter
Use the filter builder to add more filtering parameters for logs to be forwarded
Once configured, the log forwarding should look like the following
![profile list.png profile list.png](/servlet/rtaImage?eid=ka14u000000c8Rd&feoid=00N0g000003VPSv&refid=0EM0g000001AdVo)
Security Rule
Go to Policies > Security Rule
Select the rule for which the log forwarding needs to be applied. Apply the security profiles to the rule.
Go to Actions > Log forwarding and select the log forwarding profile from drop down list.
![logforwarding security.png logforwarding security.png](/servlet/rtaImage?eid=ka14u000000c8Rd&feoid=00N0g000003VPSv&refid=0EM0g000001AdVN)
Commit the configuration