Configuring a Log Forwarding Profile

Overview

When Designer creates a new rule, its Log Forwarding Profile is set to None by default. You can change this default in the stconf file. Profiles can be set globally or per Device Management ID.

This procedure is relevant for Palo Alto devices.

Prerequisites

Any profile that is defined, must be defined on the device.

Configure the Log Forwarding Profile

  1. Navigate to: https://<SecureTrack_IP>/securetrack/admin/stcgitest.htm

  2. Navigate to Edit StConf > Fetch Current StConf.

  3. In the stconf file, navigate to the Designer_Default_Profiles ;.

  4. Add the Log_Forwarding_Profile. 
    <Designer_Default_Profiles>
                            <Log_Forwarding_Profile>
                            <Profile>log_forwarding_profile1</Profile>
                            <Profile management="12">log_forwarding_profile2</Profile>
                            </Log_Forwarding_Profile>
                        </Designer_Default_Profiles>

    where

    • <Profile>log_forwarding_profile1</Profile> defines the global default.

    • <Profile management="12">log_forwarding_profile2</Profile> defines default profile for Device Management ID 12 as Log Forwarding Profile 2.

    5. For Palo Alto Panorama devices: When a profile is set per Device Management ID, the configuration will also apply for all Device Groups beneath it in the hierarchy. When the profile provided is not found on the device, the global default is used. If no global default is found, none will be used.

  5. Click Submit New Conf.