Threat logs are visible on the GUI but not forwarded to the Syslog Server

Created On 05/24/21 07:59 AM - Last Modified 02/28/23 21:11 PM


Symptom




Environment


  • Palo Alto Firewalls.
  • PAN-OS 9.0 and higher.
  • Security profiles configured.


Cause


  • Not all threat logs are generated by traffic matching security policies (and their corresponding security profiles).
  • Example: The "scan" logs are generated by the configured zone protection profile.


Resolution


To ensure that all threat logs are forwarded, configure the following settings:
  1. Configure a log forwarding profile that forwards the threat logs generated by traffic matching the security policies, under GUI: Objects > Log Forwarding.
  2. Reference the same log forwarding profile in the network zones that are configured with zone protection profiles, under GUI: Network > Zones > (ZoneName) > Log Setting.
  3. Commit the changes. All threat logs will now be forwarded.
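
To check an exported configuration for zones that still miss step 2, the following added example (not part of the original article and not Palo Alto Networks code) lists every zone that has a zone protection profile but either no Log Setting or a Log Setting that no security rule uses. The XML element paths and all names in the sample are assumptions made for illustration; verify them against your own export before relying on the result.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real export. Assumed layout:
# vsys/entry/zone/entry/network/{zone-protection-profile,log-setting}
SAMPLE_CONFIG = """\
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
  <zone>
    <entry name="untrust"><network>
      <zone-protection-profile>zpp-edge</zone-protection-profile>
    </network></entry>
    <entry name="dmz"><network>
      <zone-protection-profile>zpp-edge</zone-protection-profile>
      <log-setting>lfp-local-only</log-setting>
    </network></entry>
    <entry name="trust"><network>
      <zone-protection-profile>zpp-inside</zone-protection-profile>
      <log-setting>lfp-syslog</log-setting>
    </network></entry>
    <entry name="guest"><network/></entry>
  </zone>
  <rulebase><security><rules>
    <entry name="allow-web"><log-setting>lfp-syslog</log-setting></entry>
  </rules></security></rulebase>
</entry></vsys></entry></devices></config>
"""

def audit_zone_log_forwarding(config_xml):
    """Return (zone, problem) pairs for zones that do not satisfy step 2."""
    findings = []
    for vsys in ET.fromstring(config_xml).findall(".//vsys/entry"):
        # Profiles referenced by security rules (step 1 of the resolution).
        rule_profiles = {
            (e.text or "").strip()
            for e in vsys.findall("rulebase/security/rules/entry/log-setting")
        }
        for zone in vsys.findall("zone/entry"):
            name = zone.get("name")
            zpp = (zone.findtext("network/zone-protection-profile") or "").strip()
            if not zpp:
                continue  # no zone protection profile: step 2 does not apply
            lfp = (zone.findtext("network/log-setting") or "").strip()
            if not lfp:
                findings.append((name, "no Log Setting on zone"))
            elif lfp not in rule_profiles:
                findings.append((name, f"Log Setting '{lfp}' differs from rule profiles"))
    return findings

if __name__ == "__main__":
    for zone, problem in audit_zone_log_forwarding(SAMPLE_CONFIG):
        print(f"{zone}: {problem}")
```

A zone flagged with a differing profile may still forward its logs somewhere; the check only reports that it does not reference the same profile as the security rules.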

