Multiple Logging Destinations on Cloud NGFW for Azure
Table of Contents
Expand all | Collapse all
-
- About Rulestacks and Rules on Cloud NGFW for Azure
- Create a Rulestack on Cloud NGFW for Azure
- Cloud NGFW for Azure Security Rule Objects
- Create a Prefix List on Cloud NGFW for Azure
- Create an FQDN List for Cloud NGFW on Azure
- Add a Certificate to Cloud NGFW for Azure
- Create Security Rules on Cloud NGFW for Azure
- Cloud NGFW for Azure Security Services
- Enable DNS Security on Cloud NGFW for Azure
- Set Up Outbound Decryption on Cloud NGFW for Azure
- Set Up Inbound Decryption on Cloud NGFW for Azure
-
- Configure Logging for Cloud NGFW on Azure
- Cloud NGFW for Azure Traffic Log Fields
- Cloud NGFW for Azure Threat Log Fields
- Cloud NGFW for Azure Decryption Log Fields
- Enable Log Settings
- Disable Log Settings
- Enable Activity Logging on Cloud NGFW for Azure
- Multiple Logging Destinations on Cloud NGFW for Azure
- View the Logs
- View Audit Logs on a Firewall Resource
- View Audit Logs on Resource Groups
- What's New
- Cloud NGFW for Azure Known Issues
- Cloud NGFW for Azure Addressed Issues
Multiple Logging Destinations on Cloud NGFW for Azure
You can now send your generated from Cloud NGFW for Azure to an Azure Log Analytics
workspace or Panorama to multiple destinations at the same time.
You can manage logs and gain insights on cloud security for your Cloud NGFW
resources. Send your logs generated from Cloud NGFW for Azure to an Azure Log
Analytics workspace or Panorama to multiple destinations at the same time. These
logs include both traffic and threat logs (from URL Filtering, WildFire submissions,
File Blocking, Data blocking, and decryption)
Enable Traffic Log in Log Analytics Workspace and Panorama
Following are the steps to enable traffic log in Log Analytics workspace and
Panorama:
- Enable Log Settings on Cloud NGFW for Azure console.
- In Panorama, go toPolicies.
- Select the policy rule for your cloud device group.
- Go to theActionstab and then selectLog Forwardingprofile.
- ClickOK.
- Commit and Pushyour changes in the Panorama console.Once the traffic is sent, you can view the cloud NGFW logs in Log Analytics Workspace and Panorama.For more information, see View the Logs and View Cloud NGFW Logs in Panorama.
Enable Traffic Log in Log Analytics Workspace and Disable in Panorama
Following are the steps to enable traffic log in Log Analytics workspace and
disable logs in Panorama:
- Enable Log Settings on Cloud NGFW for Azure console.
- In Panorama, go toPolicies.
- Select the policy rule for your cloud device group.
- Go to theActionstab and then selectNonein the Log Forwarding profile.
- ClickOK.
- Commit and Pushyour changes in the Panorama console.Once the traffic is sent, you can view the cloud NGFW logs in Log Analytics Workspace and Panorama.For more information, see View the Logs and View Cloud NGFW Logs in Panorama.
Disable Traffic Log in Log Analytics Workspace and Enable in Panorama
Following are the steps to disable logs in Log Analytics workspace and enable
logs in Panorama:
- Disable Log Settings on Cloud NGFW for Azure console.
- In Panorama, go toPolicies.
- Select the policy rule for your cloud device group.
- Go to theActionstab and then selectLog Forwardingprofile.
- ClickOK.
- Commit and Pushyour changes in the Panorama console.Once the traffic is sent, you can view the cloud NGFW logs in Log Analytics Workspace and Panorama.For more information, see View the Logs and View Cloud NGFW Logs in Panorama.
Disable Traffic Log in Log Analytics Workspace and Panorama
Following are the steps to disable logs in Log Analytics Workspace and
Panorama:
- Disable Log Settings on Cloud NGFW for Azure console.
- In Panorama, go toPolicies.
- Select the policy rule for your cloud device group.
- Go to theActionstab and then selectNonein Log Forwarding profile.
- ClickOK.
- Commit and Pushyour changes in the Panorama console.The cloud NGFW logs will no longer reflect in log analytics workspace and Panorama.
Disable Traffic Log in Log Analytics Workspace and Enable in Panorama and
Syslog
Following are the steps to disable logs in Log Analytics workspace and enable
logs in Panorama and Syslog server:
- Disable Log Settings on Cloud NGFW for Azure console.
- In Panorama, go to theDevicetab, and then select the azure NGFWAAS default template (cngfw-az-__DEFAULT_TEMPLATE__).
- Go toServer profiles->Syslog,and then add your syslog server private IP.
- Go to the Device tab, clickSetup,and then clickService Route Configuration.
- ForService Based Routingconfiguration, selectIPv4andSyslogservice. You must ensure that you selectloopback.3as the source interface.
- ForDestination Based Routingconfiguration, select destination and add your syslog server private IP, and then selectloopback.3as the source interface.
- In thelog forwarding profile, add your syslog server.
- In Panorama, go to thePoliciestab, and then select the policy rule for your cloud device group.
- Go to theActionstab and then selectLog Forwarding profile.
- ClickOK.
- CommitandPushyour changes in the Panorama console.The VNET peering must be completed between the Syslog Server VNET and Firewall Hub VNET to receive traffic in the syslog server. After the traffic is sent, you can view the cloud NGFW logs in Panorama and Syslog server.