View Cloud NGFW Logs in Cortex Data Lake
When your Cloud NGFW is integrated with Panorama and Cortex Data Lake (CDL), you can forward
logs generated by your Cloud NGFW resources and view them in CDL. In the
CDL UI, you can view the Traffic, Threat, and Decryption logs generated by your
Cloud NGFW Resources.
For information about the logs fields, see the Cortex Data Lake Schema
Reference: Traffic, Threat, and Decryption.
- Log in to your Cortex Data Lake instance.
- SelectExplore.
- From the query drop-down, you can select what type of logs are displayed. Each page displays 100 logs. However, you can use the CDL Queries to refine the information displayed.
- SelectInventoryto display information about onboarded firewalls.
- In theInventorypage, selectCloud NGFW.
Forward Logs to Cortex Data Lake
To forward logs to CDL:
- In the Panorama console, selectObjectsunderDevice Groups.
- SelectLog Forwarding.
- ClickAddto create a new log forwarding match list profile.
- In theLog Forwarding Profile Match Listscreen, specify a name for the log.
- Select aLog Typefrom the drop-down menu.
- SelectPanorama/Cortex Data Lakeas theForward Method.
- ClickOK.
- Commit and push your change.
Forward Logs without Cortex Data Lake
If you are using Panorama and are not using CDL for log collection, you can
forward logs to another entity, like AWS Cloudwatch, Amazon S3, or Amazon
Kinesis.
- In the Panorama console, selectObjectsunderDevice Groups.
- SelectLog Forwarding.
- ClickAddto create a new log forwarding match list profile.
- In theLog Forwarding Profile Match Listscreen, specify a name for the log.
- Select aLog Typefrom the drop-down menu.If Panorama is not linked to CDL, logs are not forwarded to the Panorama console, they are viewable in another application like Cloudwatch , S3, or Kinesis. Use the Cloud NGFW console to configure these other logging methods.
- ClickOK.
- Commit and push your change.
