View Audit Logs in a Firewall Resource
Focus
Focus
Cloud NGFW for Azure

View Audit Logs in a Firewall Resource

Table of Contents

View Audit Logs in a Firewall Resource

Learn how to view audit logs on your Cloud NGFW for Azure resource.
Where Can I Use This?What Do I Need?
  • Cloud NGFW for Azure
  • Cloud NGFW subscription
  • Palo Alto Networks Customer Support Portal account
  • Azure Marketplace subscription
A log is an automatically generated, time-stamped file that provides an audit trail for system events on the firewall or network traffic events that the firewall monitors. Log entries contain artifacts, which are properties, activities, or behaviors associated with the logged event, such as the application type or the IP address of an attacker. Each log type records information for a separate event type. For example, the firewall generates a Threat log to record traffic that matches a spyware, vulnerability, or malware signature or a DoS attack that matches the thresholds configured for a port scan or host sweep activity on the firewall.
The Cloud NGFW can send traffic, threat, and decryption logs to an Azure Log Analytics Workspace that you will create in the Azure portal. The Log Analytics Workspace is associated with a workspace ID, primary Key, and a secondary key, which is retrieved through the logging API by the control plane.
To view audit logs on the firewall Resource that is deployed on a resource group:
  1. From the homepage, navigate to the Cloud NGFW firewall resource on which you want to view the logs.
  2. Click Activity Log on the left pane and select the desired Timespan for which you wish to view the logs and click Apply. The list of logs for the selected timespan appears.
  3. Click the desired log to view the Summary and JSON of the log.