Forwarding threat logs to a syslog server requires three steps
Note: Informational threat logs also include URL, Data Filtering and WildFire logs.
Syslog server profile
Go to Device > Server Profiles > Syslog
Log forwarding profile
Go to Objects > Log forwarding
Create the syslog server profile for forwarding threat logs to the configured server.
Add a Log Forwarding Match List to the profile
add the syslog server and select a desired (if any) filterUse the filter builder to add more filtering parameters for logs to be forwarded
Once configured, the log forwarding should look like the following
Go to Policies > Security Rule
Select the rule for which the log forwarding needs to be applied. Apply the security profiles to the rule.
Go to Actions > Log forwarding and select the log forwarding profile from drop down list.
Commit the configuration