Task
1.1 For this you just need to configure the switch according to Lab1.
1.2 Install the Kiwi Syslog application on the workstation.
1.3 Add a Syslog server on PaloAlto01 so that it sends its logs to our workstation.
Explanation
Suppose you have a lot of configuration on your firewall and a large number of logs are being generated because of it. Sometimes a few protocols or features are disturbed; how will you identify where the fault is? You can check the logs that appear on the firewall console. But what if you want to see yesterday's logs, how will you see them? Or suppose the network security admin is on leave and comes back after two days; how will he be able to see logs that are a few days old, when the console screen shows only a limited amount of logs?
The solution to this problem is to store these logs on a server, and that server is called a Syslog Server. We configure our firewall to send each and every event log to our syslog server: system configuration changes, firewall sessions that were made, any kind of alert or notification, and so on. This helps us identify where the problem is, and it also helps us investigate if anything goes wrong with the firewall, simply because there is a log for each and every event. Even when we commit a configuration, a log is generated for it.
Configuration
Take GUI of PaloAlto01:
https://10.0.0.1
Click on the Device tab, then select Syslog under Server Profiles.
Click on the Add button.
Here I named it KIWI_SYSLOG, then fill in the details as shown below.
In the Syslog Server section add the IP address of your workstation, which will become our Syslog Server.
This is how it will look:
Now click on Log Settings in the Device tab.
Click on Informational and add syslog: KIWI_SYSLOG.
This means we want informational-level logs.
Similarly, for low, medium, high and critical select KIWI_SYSLOG for all of them.
Now edit Config by clicking on the bolt symbol in the right corner of the Config section.
Here also select syslog: KIWI_SYSLOG; this means we want configuration-related logs as well.
Here is how the Log Settings section looks:
KIWI_SYSLOG everywhere.
Now go to the Objects tab and select Log Forwarding.
Click on the Add button, name it SYSLOG and select KIWI_SYSLOG as shown below, then click OK.
This is how it looks:
If you have configured any security policy and want logs of the sessions made during traffic inspection, do it as shown in the screenshot.
In the security policy click on Edit, then go to the Actions tab and check Log at Session Start and Log at Session End. Under Log Forwarding select SYSLOG, then click OK.
Now it's time to commit all the configurations.
Go to our workstation, install Kiwi Syslog and run it. Here I have an older version; it looks as shown below just after installation:
Now go to the Palo Alto GUI and create a zone or make any other configuration change. Then come back to the Kiwi Syslog application and check the logs.
What I did: I created two zones and then deleted one zone, and I got a log for every event I performed on my Palo Alto.
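If you want to see exactly what PaloAlto01 is sending before (or instead of) installing Kiwi, a small receiver of your own can stand in for it. The following is an added example, not part of the original lab and not Kiwi or PAN-OS code: a Python UDP syslog listener on port 514 that decodes the RFC 3164 PRI header of each message and splits the comma-separated body PAN-OS sends. The sample record, the hostname PA-VM and the position of the log-type field are assumptions made for the example.

```python
import re
import socket

# RFC 3164 facility and severity names; PRI = facility * 8 + severity.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# <PRI>Mmm dd HH:MM:SS hostname body   (day is space-padded, e.g. "Mar  5")
HEADER_RE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)

def parse_syslog(raw: str) -> dict:
    """Decode one BSD-syslog line and split the comma-separated PAN-OS body.
    Assumption for this example: body field 4 is the log type (TRAFFIC, SYSTEM,
    CONFIG, ...); verify against the PAN-OS syslog field reference you run."""
    m = HEADER_RE.match(raw.strip())
    if not m:
        raise ValueError(f"not a BSD syslog line: {raw!r}")
    pri = int(m.group(1))
    if pri > 191:  # facility 23, severity 7 is the largest legal PRI
        raise ValueError(f"PRI out of range: {pri}")
    fields = m.group(4).split(",")
    return {"facility": FACILITIES[pri // 8], "severity": SEVERITIES[pri % 8],
            "timestamp": m.group(2), "host": m.group(3),
            "log_type": fields[3] if len(fields) > 3 else None, "fields": fields}

def serve(bind: str = "0.0.0.0", port: int = 514) -> None:
    """Listen on UDP/514 (the port the KIWI_SYSLOG profile points at) and print
    one summary line per datagram; a malformed datagram is reported, not fatal."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        while True:
            data, (src, _) = sock.recvfrom(65535)
            try:
                rec = parse_syslog(data.decode("utf-8", errors="replace"))
            except ValueError as exc:
                print(f"{src}: dropped ({exc})")
                continue
            print(f"{src} {rec['host']} {rec['severity']:7} {rec['log_type']} {rec['fields'][-1]}")

# Constructed sample in the shape of a PAN-OS CONFIG record (not a real capture).
SAMPLE = ("<14>Mar  5 10:22:07 PA-VM 1,2024/03/05 10:22:07,0123456789,CONFIG,0,0,"
          "2024/03/05 10:22:07,10.0.0.2,,set,admin,Web,Succeeded,vsys vsys1 zone lab-trust,42,0x0")

if __name__ == "__main__":
    serve()
```

Binding UDP/514 needs administrator or root rights on the workstation, and the KIWI_SYSLOG profile must point at this workstation's IP address over UDP port 514.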