Multiple Logging Destinations on Cloud NGFW for Azure

You can now send the logs generated by Cloud NGFW for Azure to multiple destinations, such as an Azure Log Analytics workspace and Panorama, at the same time.
You can manage logs and gain insights on cloud security for your Cloud NGFW resources. These logs include both traffic and threat logs (from URL Filtering, WildFire submissions, File Blocking, Data blocking, and decryption).

Enable Traffic Log in Log Analytics Workspace and Panorama

Follow these steps to enable traffic logs in the Log Analytics workspace and Panorama:
  1. Enable Log Settings on the Cloud NGFW for Azure console.
  2. In Panorama, go to Policies.
  3. Select the policy rule for your cloud device group.
  4. Go to the Actions tab and then select the Log Forwarding profile.
  5. Click OK.
  6. Commit and Push your changes in the Panorama console.
     Once the traffic is sent, you can view the Cloud NGFW logs in the Log Analytics workspace and Panorama.
     For more information, see View the Logs and View Cloud NGFW Logs in Panorama.

Enable Traffic Log in Log Analytics Workspace and Disable in Panorama

Follow these steps to enable traffic logs in the Log Analytics workspace and disable logs in Panorama:
  1. Enable Log Settings on the Cloud NGFW for Azure console.
  2. In Panorama, go to Policies.
  3. Select the policy rule for your cloud device group.
  4. Go to the Actions tab and then select None in the Log Forwarding profile.
  5. Click OK.
  6. Commit and Push your changes in the Panorama console.
     Once the traffic is sent, you can view the Cloud NGFW logs in the Log Analytics workspace and Panorama.
     For more information, see View the Logs and View Cloud NGFW Logs in Panorama.

Disable Traffic Log in Log Analytics Workspace and Enable in Panorama

Follow these steps to disable logs in the Log Analytics workspace and enable logs in Panorama:
  1. Disable Log Settings on the Cloud NGFW for Azure console.
  2. In Panorama, go to Policies.
  3. Select the policy rule for your cloud device group.
  4. Go to the Actions tab and then select the Log Forwarding profile.
  5. Click OK.
  6. Commit and Push your changes in the Panorama console.
     Once the traffic is sent, you can view the Cloud NGFW logs in the Log Analytics workspace and Panorama.
     For more information, see View the Logs and View Cloud NGFW Logs in Panorama.

Disable Traffic Log in Log Analytics Workspace and Panorama

Follow these steps to disable logs in the Log Analytics workspace and Panorama:
  1. Disable Log Settings on the Cloud NGFW for Azure console.
  2. In Panorama, go to Policies.
  3. Select the policy rule for your cloud device group.
  4. Go to the Actions tab and then select None in the Log Forwarding profile.
  5. Click OK.
  6. Commit and Push your changes in the Panorama console.
     The Cloud NGFW logs no longer appear in the Log Analytics workspace or Panorama.

Disable Traffic Log in Log Analytics Workspace and Enable in Panorama and Syslog

Follow these steps to disable logs in the Log Analytics workspace and enable logs in Panorama and a Syslog server:
  1. Disable Log Settings on the Cloud NGFW for Azure console.
  2. In Panorama, go to the Device tab, and then select the Azure NGFWAAS default template (cngfw-az-__DEFAULT_TEMPLATE__).
  3. Go to Server profiles -> Syslog, and then add your syslog server private IP.
  4. Go to the Device tab, click Setup, and then click Service Route Configuration.
    • For Service Based Routing configuration, select IPv4 and the Syslog service. You must ensure that you select loopback.3 as the source interface.
    • For Destination Based Routing configuration, select destination and add your syslog server private IP, and then select loopback.3 as the source interface.
  5. In the log forwarding profile, add your syslog server.
  6. In Panorama, go to the Policies tab, and then select the policy rule for your cloud device group.
  7. Go to the Actions tab and then select the Log Forwarding profile.
  8. Click OK.
  9. Commit and Push your changes in the Panorama console.
     The VNET peering must be completed between the Syslog Server VNET and Firewall Hub VNET to receive traffic in the syslog server. After the traffic is sent, you can view the Cloud NGFW logs in Panorama and the Syslog server.
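
To confirm that the syslog destination receives each log category listed at the top of this page, the following added example (not part of the original documentation or any Palo Alto Networks tooling) tallies the lines a syslog server has collected. It assumes the default PAN-OS comma-separated syslog format, with the log type in the fourth field and the subtype in the fifth, and a syslog header that contains no commas; the sample lines are constructed and truncated.

```python
import csv
from collections import Counter

# Categories named on this page, keyed by the (Type, subtype) pair that the
# assumed default PAN-OS syslog format carries in CSV fields 4 and 5.
# A subtype of None means "any subtype of this Type".
EXPECTED = {
    ("TRAFFIC", None): "traffic",
    ("THREAT", "url"): "URL Filtering",
    ("THREAT", "wildfire"): "WildFire submissions",
    ("THREAT", "file"): "File Blocking",
    ("THREAT", "data"): "Data blocking",
    ("DECRYPTION", None): "decryption",
}

def classify(line):
    """Return the page's log category for one syslog line, or None."""
    fields = next(csv.reader([line]), [])
    if len(fields) < 5:  # too short to be a firewall log record
        return None
    log_type, subtype = fields[3].strip().upper(), fields[4].strip().lower()
    # Exact (Type, subtype) match first, then the Type-wide entry.
    return EXPECTED.get((log_type, subtype)) or EXPECTED.get((log_type, None))

def coverage(lines):
    """Count lines per category and list the categories never received."""
    seen = Counter(c for c in map(classify, lines) if c)
    missing = [c for c in EXPECTED.values() if c not in seen]
    return seen, missing

# Constructed sample input: hostname, serial number and addresses are made up.
SAMPLE = [
    "<14>Jan  1 00:00:01 cngfw 1,2024/01/01 00:00:01,000000000000,TRAFFIC,end,0,10.0.0.4,10.1.0.5",
    "<14>Jan  1 00:00:02 cngfw 1,2024/01/01 00:00:02,000000000000,THREAT,url,0,10.0.0.4,203.0.113.10",
    "<14>Jan  1 00:00:03 cngfw 1,2024/01/01 00:00:03,000000000000,THREAT,file,0,10.0.0.4,203.0.113.10",
    "<14>Jan  1 00:00:04 cngfw 1,2024/01/01 00:00:04,000000000000,THREAT,vulnerability,0,10.0.0.4,10.1.0.5",
    "<30>Jan  1 00:00:05 syslog-vm systemd[1]: Started Daily apt download activities.",
]

if __name__ == "__main__":
    seen, missing = coverage(SAMPLE)
    for category, count in seen.items():
        print(f"{category}: {count}")
    print("not yet received:", ", ".join(missing) or "none")
```

A category reported as not yet received may simply have had no matching traffic; if nothing arrives at all, recheck the VNET peering and the loopback.3 service route described in the steps above.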
