Submit a ticketCall us

Systems Monitoring for Dummies
Our new eBook will teach you the fundamentals and help you create monitors and alerts that are effective, meaningful, and actionable. Monitoring is more than a checkbox on your to-do list. This free eBook will give you practical advice to help you succeed in all aspects of monitoring – discovery, alerting, remediation, and troubleshooting. Don’t miss out on this indispensable resource for newbies, experienced IT pros, and everyone in between. Register Now.

Home > Success Center > Log & Event Manager (LEM) > Integrate Palo Alto firewalls with LEM

Integrate Palo Alto firewalls with LEM

Created by Karen Valdellon, last modified by MindTouch on Jun 23, 2016

Views: 669 Votes: 1 Revisions: 3

Overview

This article describes how to configure Palo Alto firewalls and the following Palo Alto Networks to connect to your LEM appliance:

  • PA-2000 Series
  • PA-4000 Series

Environment

All LEM versions

Steps

Palo Alto firewall

Consult the following sections of the Palo Alto Administrator's Guide to configure your firewall to send syslog messages to your LEM appliance:

  • Defining Configuration and System Log Settings
  • Defining Log Forwarding Profiles

Note: The default logging facility used in the LEM connector for Palo Alto firewalls is local5. If you choose an alternate logging facility during your firewall configuration, note if for use in the next procedure.

PA-2000 Series and PA-4000 Series

  1. Open the LEM Console and log in to the LEM Manager as an administrator.
  2. Click the gear icon next to your LEM Manager and then select Connectors.
  3. In the Connector Configuration window, enter Palo Alto in the search box at the top of the Refine Results pane.
  4. Click the gear icon next to the Palo Alto Networks PA-2000 Series and PA-4000 Series Firewall connector, and then select New.
  5. Enter a custom Alias or accept the default.
  6. Verify that the Log File value matches the Facility value you selected when defining LEM as a syslog server for your firewall.
  7. Click Save.
  8. Click the gear icon next to the new connector, and then click Start.
  9. Click Close. 

 

Last modified

Tags

Classifications

Public