Configuring a Log Forwarding Profile

Overview

When Designer creates a new rule, its Log Forwarding Profile is set to None by default. You can change this default in the stconf file. Profiles can be set globally or per Device Management ID.

This procedure is relevant for Palo Alto devices.

Prerequisites

Any profile that is defined, must be defined on the device.

Configure the Log Forwarding Profile

  1. Navigate to: https://<SecureTrack_IP>/securetrack/admin/stcgitest.htm

  2. Navigate to Edit StConf > Fetch Current StConf.

  3. In the stconf file, navigate to the Designer_Default_Profiles ;.

  4. Add the Log_Forwarding_Profile.
    <Designer_Default_Profiles>
       <Log_Forwarding_Profile>
          <Profile>log_forwarding_profile1</Profile>
          <Profile management="device_management_id">log_forwarding_profile2</Profile>
       </Log_Forwarding_Profile>
    </Designer_Default_Profiles>

    where:

    • <Profile>...</Profile> defines the default global log forwarding profile.
      For example, <Profile>log_forwarding_profile1</Profile> defines log_forwarding_profile1 as the default global log forwarding profile.

    • <Profile management="device_management_id">...</Profile> defines the specific log forwarding profile for the device with the specified Device Management ID .
      For example, <Profile management="11">log_forwarding_profile2</Profile> defines log_forwarding_profile2 as the specific log forwarding profile for the device with Device Management ID 11.

  5. For Palo Alto Panorama devices: When a profile is set per Device Management ID, the configuration will also apply for all Device Groups beneath it in the hierarchy. When the profile provided is not found on the device, the global default is used. If no global default is found, none will be used.
  6. Click Submit New Conf.