How to Forward Custom URL Logs to a Syslog Server


Created On 09/25/18 19:38 PM - Last Modified 06/08/23 02:58 AM



In order to forward URL logs, it is necessary to forward Threat logs of Severity 'informational' to the Syslog server. Doing so will forward other informational threat logs (Data Filtering) in addition to URL logs.


Please refer to the following document for more information on how to configure URL log forwarding to Syslog: How to Forward Threat Logs to Syslog Server


By default, when threat logs are forwarded to a Syslog server, the logs contain many fields, including source IP, destination IP, and the URL.


To create a custom syslog format that carries the URLs, include the "$misc" field in the format, as shown below.




In the above example, $category (category of the URL), $misc (the URL), and $src (source IP) are selected, and the syslog looks like this:



URL Filtering and Data Filtering use the 'Informational' severity for threats.
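On the receiving side, a custom format built from $category, $src and $misc has to be parsed with the URL in mind, since a URL can contain spaces and `=` itself. The following Python sketch is an added example, not part of the original article; the format string `category=$category src=$src url=$misc`, the syslog header layout and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed custom Threat log format on the firewall (constructed for this example):
#   category=$category src=$src url=$misc
# $misc is placed last because a URL can itself contain spaces or '='.
LINE_RE = re.compile(r"category=(?P<category>\S+) src=(?P<src>\S+) url=(?P<url>.*)$")

# Constructed sample lines; the syslog header layout is also an assumption.
SAMPLE = [
    "<14>Jan 01 10:00:01 fw01 category=social-networking src=10.1.1.25 url=www.example.com/feed?id=7",
    "<14>Jan 01 10:00:02 fw01 category=unknown src=10.1.1.31 url=files.example.net/a b.exe src=1.2.3.4",
    "<14>Jan 01 10:00:03 fw01 category=social-networking src=10.1.1.25 url=www.example.com/",
    "<14>Jan 01 10:00:04 sw02 link up on port 3",  # unrelated device, must be skipped
]

def parse_line(line):
    """Return {'category', 'src', 'url'} for a matching line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        src = str(ipaddress.ip_address(m.group("src")))
    except ValueError:
        return None  # src is not an IP address: do not trust the record
    # Strip control characters so a logged URL cannot break downstream log handling.
    url = re.sub(r"[\x00-\x1f\x7f]", "", m.group("url"))
    return {"category": m.group("category"), "src": src, "url": url}

def hits_per_source(lines):
    """Count parsed URL log entries per (source IP, category)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[(rec["src"], rec["category"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(hits_per_source(SAMPLE).items()):
        print(key, n)
```

Because the URL is captured to the end of the line, the `src=1.2.3.4` text embedded in the second sample URL stays part of the URL and does not overwrite the real source IP.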


Configure forwarding settings here. This setting covers forwarding not only to syslog, but also to Panorama, SNMP Trap, or Email.


The following example configures forwarding of email alerts:




owner: sdurga
