Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
Threat logs are visible on the GUI but not forwarded to the Sys... - Knowledge Base - Palo Alto Networks

Threat logs are visible on the GUI but not forwarded to the Syslog Server

8378
Created On 05/24/21 07:59 AM - Last Modified 02/28/23 21:11 PM


Symptom




Environment


  • Palo Alto Firewalls.
  • PAN-OS 9.0 and higher.
  • Security profiles configured.


Cause


  • Not all threat logs are generated by traffic matching security policies (And their corresponding security profiles).
  • Example: The "scan" logs are generated by the configured zone protection profile .  


Resolution


To ensure that all the threat logs are forwarded, the following settings must be configured:
  1. A log forwarding profile to forward the threat logs that are generated by traffic matching the security policies, which is configured under GUI: Objects > Log Forwarding
  2. Reference the same log forwarding profile under the network zones that are configured with zone protection profiles, which is configured under GUI: Network > Zones > (ZoneName) >  Log Setting
  3. Commit the changes. All threat logs will now be forwarded.


Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oM87CAE&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language