Configure a Syslog server profile

You can use separate profiles to send syslogs for each log type to a different server. To increase availability, define multiple servers (up to four) in a single profile.

  • Select Device > Server Profiles > Syslog.

  • Click Add and enter a Name for the profile.

  • If the firewall has more than one virtual system (vsys), select the Location (vsys or Shared) where this profile is available.

  • For each syslog server, click Add and enter the information that the firewall requires to connect to it:

      • Name — Unique name for the server profile.

      • Server — IP address or fully qualified domain name (FQDN) of the syslog server.

      • Transport — Select TCP, UDP, or SSL as the method of communication with the syslog server.

      • Port — The port number on which to send syslog messages (default is UDP on port 1514); you must use the same port number on the firewall and the syslog server.

      • Format — Select the syslog message format to use: BSD (the default) or IETF. Traditionally, BSD format is over UDP and IETF format is over TCP or SSL.

      • Facility — Select a syslog standard value (default is LOG_USER) to calculate the priority (PRI) field in your syslog server implementation. Select the value that maps to how you use the PRI field to manage your syslog messages.

  • (Optional) To customize the format of the syslog messages that the firewall sends, select the Custom Log Format tab. For details on how to create custom formats for the various log types, refer to the Common Event Format Configuration Guide.

  • Click OK to save the server profile.
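
A receiver-side check for the Format and Facility settings above, as an added example that is not part of the original page: it decodes the PRI field (facility × 8 + severity, per RFC 3164 and RFC 5424) and tells BSD headers from IETF headers. The sample messages, host name and payload are constructed, and the function names are hypothetical.

```python
import re

# Facility keywords by numeric code (RFC 5424, section 6.2.1); code 1 "user"
# corresponds to LOG_USER, the default facility named on this page.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert",
              "clock"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# IETF (RFC 5424): version "1", then an ISO 8601 timestamp or "-" after PRI.
IETF_RE = re.compile(r"^1 (?:-|\d{4}-\d{2}-\d{2}T\S+) ")
# BSD (RFC 3164): "Mmm dd hh:mm:ss" directly after PRI.
BSD_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")

# Constructed sample messages (host name and payload are placeholders).
BSD_SAMPLE = "<14>Mar  4 10:15:02 fw01 constructed-payload"
IETF_SAMPLE = "<14>1 2024-03-04T10:15:02Z fw01 - - - - constructed-payload"
LOCAL4_SAMPLE = "<164>Mar  4 10:15:02 fw01 constructed-payload"


def classify(line):
    """Decode PRI into facility/severity and identify the header format."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("missing or out-of-range PRI")
    pri = int(m.group(1))
    rest = line[m.end():]
    if IETF_RE.match(rest):
        fmt = "IETF"
    elif BSD_RE.match(rest):
        fmt = "BSD"
    else:
        fmt = "unknown"
    return {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "format": fmt}


def check_profile(line, facility, fmt):
    """List mismatches between a received message and the expected settings."""
    got = classify(line)
    expected = (("facility", facility), ("format", fmt))
    return [f"{k}: expected {want}, got {got[k]}"
            for k, want in expected if got[k] != want]


if __name__ == "__main__":
    for sample in (BSD_SAMPLE, IETF_SAMPLE, LOCAL4_SAMPLE):
        print(classify(sample), check_profile(sample, "user", "BSD"))
```

Run against a few messages captured on the syslog server, a non-empty result from `check_profile` points to a Facility or Format value in the profile that differs from what the receiver expects.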

Configure syslog forwarding for Traffic, Threat, and WildFire Submission logs
