Central Syslog Servers
For a few devices, including specific, supported virtual firewalls, communication with Security Manager must be set up as though those devices were logging to a central syslog server. Other devices in a customer deployment may actually log to a central syslog server from which Security Manager must collect logs, instead of directly from the device. In both cases, you can configure central syslog communication with Security Manager in the Administration module.
Common Event Format (CEF) and Log Event Extended Format (LEEF) are the protocols used for log files.
Refer to your device vendor's user guide for the specific type to select. For example, a Fortinet device may use a remote server type of Syslog.
Permission Requirements
A user will need to be a member of a user group with the following minimum permissions granted:
- Administration: Central Syslog Servers
- Module: Administration
Open the Central Syslog Servers List
- To view a list of syslog servers, click System > Central Syslog Servers.