# Palo Alto Panorama (syslog) In this guide, you will set up Panorama to forward Palo Alto Firewall events to Radiant Security through TLS Syslog. ### Prerequisites * [ ] Palo Alto Firewalls *must* be forwarding events to Panorama * [ ] Panorama: `Administrator` * [ ] Custom log formats provided from Radiant Security ### Add the data connector in Radiant Security 1. Log in to [Radiant Security](https://app.radiantsecurity.ai/). 2. From the navigation menu, click **Settings** > **Data Connectors** and click **+ Add Connector**. 3. Search for and select the **Palo Alto Networks Firewall** option and then click **Data Feeds**. 4. Under **Select your data feeds**, select the **Palo Alto 9.1 Firewall** data feed and then click **Credentials**. 5. Under **Credential Name**, give the credential an identifiable name (e.g. `PAN Credentials`). If you already have a credential in place, select it from the drop-down menu. Click **Credentials**. 6. In the **Connector tag** field, enter a random value. This value will act as the salt to randomize the unique **Token** you’ll download in the next step. 7. Click **Add Connector**. 8. Save the **Token** value or use the **Download** **Files** option to save it as a SSL certificate or token file. This token will be used in the next section. 9. Click **Done** to save your changes. ### Upload the certificate to Panorama 1. Login to your Panorama and navigate to **Panorama** > **Certificate Management** > **Certificates** 2. Click **Import** 3. Under **Import** **Certificate**, fill in the following details: * **Certificate Name**: `Radiant Security Syslog CA` * **Certificate File**: Upload the certificate file that you created and saved in the previous section * **File Format**: Base64 Encoded Certificate (PEM) 4. Click **OK** to save the CA certificate. ### Configure the syslog server 1. Navigate to **Panorama** > **Server Profiles** > **Syslog** and click **Add.** 2. Under **Syslog Server Profile**, for **Name** enter `Radiant Security` and fill in the following details: * **Syslog Server**: `cluster.syslog.radiantsecurity.ai` * **Transport**: SSL * **Port**: `6514` * **Format**: BSD * **Facility**: `LOG_USER` 3. Then, click the **Custom Log Format** tab. 4. In the **Log Type** column, for each **Log Type** click on the name and paste the corresponding log format for that log type on the **Config** **Log** **Format** text box. The log formats can be found **Custom Log** file that you created during the data connector setup. 5. Click **OK** to save the configuration. 6. Repeat **steps 2-5** for *all* 14 **Log Types**. 7. Once all 14 log types have been updated, click **OK** on the syslog configuration screen. ### Configure Panorama log settings 1. Navigate to **Panorama** > **Log Settings**. 2. In each box for **System**, **Configuration**, **User-ID**, **HIP Match**, **GlobalProtect**, and **IP-Tag** complete the following: * Click **Add** * Under **Log** **Settings**, fill in the following details: * **Name**: Radiant Security * **Filter**: All Logs * Under **Syslog**, Click **Add** and select the **Syslog Server Profile** (**RadiantSecurity**) that you created from the previous steps * Click **OK** to save and repeat for each **Log Type.** * Navigate to **Objects** > **Log Forwarding**. * Click **Add**. * Under **Log** **Settings**, fill in the following details: * **Name**: Radiant Security * Add a **Match List** * Under **Match List,** select the following **Log Type**: **auth**, **data**, **threat**, **traffic**, **tunnel**, **URL**, and **WildFire** * Under **Syslog**, Click **Add** and select the **Syslog Server Profile** (**RadiantSecurity**) that you created in the previous section ### Configure log collectors log settings In case your environment uses log collectors, follow the steps to configure them to forward syslog to Radiant Security. 1. Navigate to **Panorama** > **Collector Groups**. 2. Click **Collector Log Forwarding.** 3. In each box for **System**, **Configuration**, **User-ID**, **HIP Match**, **GlobalProtect**, and **IP-Tag** complete the following: * Click **Add**. * Under **Log** **Settings**, fill in the following details: * **Name**: `Radiant Security` * **Filter**: `All Logs` * Under **Syslog**, Click **Add** and select the **Syslog Server Profile** (**RadiantSecurity**) that you created from the previous steps 4. Click **OK** to save and repeat for each **Log Type. C**lick **OK** to save and repeat **step 3** for each log type: **System**, **Configuration**, **User-ID**, **HIP** **Match**, **GlobalProtect**, and **IP-Tag**. ### Commit changes 1. Lastly, remember to commit the changes by clicking the **Commit** button in the upper right hand corner. 2. Once the **Commit Status** progress is completed, the configured syslog formats will be used to send logs to Radiant Security. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/palo-alto-panorama-syslog.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.