Forward Palo Alto Networks logs¶
Configure Palo Alto Networks to forward syslog messages in CEF format:
- Go to Common Event Format (CEF) Configuration Guides and download the pdf for your appliance type. Follow all the instructions in the guide to set up your Palo Alto Networks appliance to collect CEF events.
- Go to Configure Syslog monitoring and follow steps 2 and 3 to configure CEF event forwarding from your Palo Alto Networks appliance.
- Make sure to set the Syslog server format to BSD.
The copy/paste operations from the PDF might change the text and insert random characters. To avoid this, copy the text to an editor and remove any characters that might break the log format before pasting it, as you can see in this example.
Make sure that all firewalls (including the firewall on the collector machine) allow connections to the collector port