Palo Alto Firewall

Step 1. Create a Syslog Server Profile #

Navigate to:
Device > Server Profiles > Syslog
Configure the following:
- Syslog Name:
  Enter a name for the syslog profile (up to 31 characters).
  The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
- Name:
  Click Add and enter a name for the syslog server (up to 31 characters).
  The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
- Syslog Server:
  Enter the IP address of the Databahn Collector.
- Transport:
  Select the protocol to transport the syslog messages (UDP, TCP, or SSL).
- Port:
  Enter the port number of the syslog server: the SolCyber team will advise on what port to use.
- Format:
  Choose the syslog format: BSD (default) or IETF.
- Facility:
  Select one of the Syslog standard values.
  Use RFC 3164 (BSD)
Your syslog server profile will now be created, as shown below:
(Optional) Customize the log format and add custom Key:Value attribute pairs:
Go to:
For databahn standard integration use default
Device > Server Profiles > Syslog > Syslog Server Profile > Custom Log Format

Your Log Forwarding Profile is now created:

Go to the Security Policies section
Select the rule for which the log forwarding should be applied (e.g., Any Allow)
Go to the Actions tab:
- Select the appropriate Log Forwarding Profile from the dropdown.
- Click OK once satisfied with your configuration.
After applying, the forwarding icon will appear in the Options column of your security rule.