Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Log & Event Manager (LEM) > Integrate Palo Alto firewalls with LEM

Integrate Palo Alto firewalls with LEM

Created by Karen Valdellon, last modified by MindTouch on Jun 23, 2016

Views: 240 Votes: 1 Revisions: 3


This article describes how to configure Palo Alto firewalls and the following Palo Alto Networks to connect to your LEM appliance:

  • PA-2000 Series
  • PA-4000 Series


All LEM versions


Palo Alto firewall

Consult the following sections of the Palo Alto Administrator's Guide to configure your firewall to send syslog messages to your LEM appliance:

  • Defining Configuration and System Log Settings
  • Defining Log Forwarding Profiles

Note: The default logging facility used in the LEM connector for Palo Alto firewalls is local5. If you choose an alternate logging facility during your firewall configuration, note if for use in the next procedure.

PA-2000 Series and PA-4000 Series

  1. Open the LEM Console and log in to the LEM Manager as an administrator.
  2. Click the gear icon next to your LEM Manager and then select Connectors.
  3. In the Connector Configuration window, enter Palo Alto in the search box at the top of the Refine Results pane.
  4. Click the gear icon next to the Palo Alto Networks PA-2000 Series and PA-4000 Series Firewall connector, and then select New.
  5. Enter a custom Alias or accept the default.
  6. Verify that the Log File value matches the Facility value you selected when defining LEM as a syslog server for your firewall.
  7. Click Save.
  8. Click the gear icon next to the new connector, and then click Start.
  9. Click Close. 


Last modified
20:02, 22 Jun 2016