Create a Central Syslog Server

For MSSPs, central syslog servers can be managed at the Enterprise domain level and at the customer domain level. Central syslog servers added in the Enterprise domain will be available to devices across your Security Manager deployment, in all customer domains. Central syslog servers added in the customer domain will be available only in that customer domain.

You must have permissions to read and write device groups (that contain the devices that use central syslog) or All Devices in order to select a central syslog server in the device properties.

To create a central syslog server, complete the following steps.

1. On the toolbar, click System > Central Syslog Servers.
2. Click Create.
3. Enter the following properties:
   • Name—name of the server as you want to see it in Security Manager
   • IP addresses—this is the IP address of where the logs are coming from. You can enter multiple comma-separated IPv4 addresses.

For Fortinet VDOM, Juniper VSYS and Palo Alto VSYS, the IP address that you enter here is the syslog origin. If syslog origin is independently configurable on the device, this IP address may or may not be the same as the device.

4. Select a syslog Configuration from the list.
5. Click Save.