Cloud NGFW for AWS
    : View Cloud NGFW Logs in Cortex Data Lake
    Focus
    Download PDF
    Focus
    1. Home
    2. AWS
    3. Cloud NGFW for AWS
    4. Panorama Policy Management
    5. Integrating Panorama
    6. View Cloud NGFW Logs in Cortex Data Lake
    Download PDF

    Cloud NGFW for AWS

    View Cloud NGFW Logs in Cortex Data Lake

    Table of Contents

    View Cloud NGFW Logs in Cortex Data Lake

    View logs in Cortex Data Lake for your Cloud NGFW resource.
    When you integrate Cloud NGFW with Panorama and Cortex Data Lake (CDL), you forward logs created by your Cloud NGFW resources and view them in CDL. In the CDL web interface, you can view the Traffic, threat, and decryption logs generated by your Cloud NGFW Resources.
    If you're using Panorama and are not using CDL for log collection, you can forward logs to another entity, however, you must enable CDL in your logging profile.
    For information about the log fields, see the Cortex Data Lake Schema Reference: Traffic, Threat, and Decryption.
    1. Log in to your Cortex Data Lake instance.
    2. Select
      Explore
      .
    3. From the query drop-down, you can select the type of logs. Each page displays 100 logs. However, you can use the CDL Queries to refine the information displayed.
    4. Select
      Inventory
       to display information about onboarded firewalls.
    5. In the
      Inventory
       page, select
      Cloud NGFW
      .

    Forward Logs to Cortex Data Lake

    To forward logs to CDL:
    1. In the Panorama console, select
      Objects
       under
      Device Groups
      .
    2. Select
      Log Forwarding
      .
    3. Click
      Add
       to create a new log forwarding match list profile.
    4. In the
      Log Forwarding Profile Match List
       screen, specify a name for the log.
    5. Select a
      Log Type
       from the drop-down.
    6. Select
      Panorama/Cortex Data Lake
       as the
      Forward Method
      .
    7. Click
      OK
      .
    8. Commit and push your change.

    Forward Logs without Cortex Data Lake

    If you're using Panorama and are not using CDL for log collection, you can forward logs to another entity, like AWS Cloudwatch, Amazon S3, or Amazon Kinesis.
    1. In the Panorama console, select
      Objects
       under
      Device Groups
      .
    2. Select
      Log Forwarding
      .
    3. Click
      Add
       to create a new log forwarding match list profile.
    4. In the
      Log Forwarding Profile Match List
       screen, specify a name for the log.
    5. Select a
      Log Type
       from the drop-down.
      If Panorama isn't linked to CDL, logs are not forwarded to the Panorama console, they are viewable in another application like Cloud watch, S3, or Kinesis. Use the Cloud NGFW console to configure these other logging methods.
      Enable CDL in your logging profile even if you don't intend to send logs directly to CDL.
    6. Click
      OK
      .
    7. Commit and push your change.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.