View Traffic and Threat Logs and Activity in Panorama
Focus
Focus
Cloud NGFW for AWS

View Traffic and Threat Logs and Activity in Panorama

Table of Contents

View Traffic and Threat Logs and Activity in Panorama

View logs and activity in Panorama.
Where Can I Use This?What Do I Need?
  • Cloud NGFW for AWS
  • Cloud NGFW subscription
  • Palo Alto Networks Customer Support Account (CSP)
  • AWS Marketplace account
  • User role (either tenant or administrator)

View Cloud NGFW Logs in Panorama

When you Cloud NGFW resources are integrated with Panorama and Strata Logging Service, logs and activity are captured and displayed in Panorama on the Monitoring and Application Command Center (ACC) tabs. Panorama collects logs generated by the Cloud NGFW and displays them on the Monitor tab. You can select from the Traffic, Threat, URL Filtering and Decryption logs and filter those by ID or name. See Cloud NGFW logging documentation for descriptions of the log fields.
  1. Log in to Panorama.
  2. Select Monitor.
  3. From the Device Group drop-down, select the Cloud Device Group to view activity.
  4. You can use a Panorama filter to view the log of an individual Cloud Device Group. Locate the Device Name. Click the + icon in the upper right portion of the Panorama interface to add a new filter. Enter the name for the filter, then click Save. Click the Load Filter icon. Select the newly created filter to display the logs for the individual Cloud Device Group.
  5. From the Logs menu on the left side on the Panorama console, you can choose a specific type of log to view.

View Cloud NGFW Activity in the ACC

The ACC is an analytical tool that provides actionable intelligence about the activity within your network. The ACC uses the Cloud NGFW logs to graphically depict traffic trends on your network. The graphical representation allows you to interact with the data and visualize the relationships between events on the network including network usage patterns, traffic patterns, and suspicious activity and anomalies.
In Panorama, you can filter ACC content based on Cloud Device Group. To learn how to filter and view specific information about activity on your Cloud NGFW resources, see the ACC documentation for PAN-OS.
  1. Log in to Panorama.
  2. Select ACC.
  3. From the Device Group drop-down, select the Cloud Device Group to view activity.
  4. You can use a Panorama filter to view the log of an individual Cloud Device Group. Locate the Device Name. Click the + icon in the upper right portion of the Panorama interface to add a new filter. Enter the name for the filter, then click Save. Click the Load Filter icon. Select the newly created filter to display the logs for the individual Cloud Device Group.