Strata Logging Service
Forward Logs to OCI Bucket
Table of Contents
Forward Logs to OCI Bucket
Learn how to forward logs from the Strata Logging Service to an Oracle Cloud
Infrastructure (OCI) Storage Bucket.
| Where Can I Use This? | What Do I Need? |
|---|---|
| One of these:
|
Strata Logging Service™ (SLS) allows you to forward logs to an Oracle Cloud
Infrastructure (OCI) Storage Bucket for long-term retention, compliance auditing,
and external analysis. By integrating your logging infrastructure with OCI, you can
leverage cloud-native storage to manage large volumes of security data
efficiently.
Use OCI log forwarding when you need to archive network traffic, threat, and system
logs outside of the Palo Alto Networks® ecosystem for custom reporting or
third-party security information and event management (SIEM) integration.
Before you begin, ensure you have your OCI Bucket Name, Region, Namespace, Secret
Key, and Access Key ID.
- Enable communication between the Strata Logging Service and your OCI account (Access the Customer Secret Keys).
- Click the Profile icon in the top-right corner of the console.Select User Settings (or My Profile) and Select from the left-hand menu.To open the configuration dialog, click Generate Secret Key.In the Name field, enter a descriptive name for the key (for example, Bucket-Access-Key).Click Generate Secret Key.Copy the Secret Key and save it in a secure location. OCI displays this secret key only once. If you lose it, you must generate a new one.Click Close.Locate your new key in the Customer Secret Keys table. Record the string in the Access Key column; this is your Access Key ID.Sign In to the hub.Select the Strata Logging Service instance that you want to configure for log forwarding.If you have multiple Strata Logging Service instances, click the Strata Logging Service tile and select an instance from the list of those available.If you are using Strata Cloud Manager to manage Strata Logging Service, click to forward logs to an external server.Select to add a new OCI log forwarding profile.Configure the log forwarding profile to forward logs to Cloud Storage.
- Enter a unique descriptive Profile Nameto identify this forwarding configuration.Select the Oracle Cloud Bucket option under Cloud Storage to enable OCI-specific fields.Enter the Bucket Name exactly as it appears in your OCI console.Enter the Region where your bucket is hostedEnter your Access Key ID.Enter your OCI Secret Key in the provided field.Enter the OCI Bucket Namespace associated with your OCI tenancy.To confirm the credentials and bucket details are valid, click Test Connection.This sends an empty log to the configured destination to verify that transmission is possible.If the test fails, you won't be able to proceed.After you see the Test Connection successful! message, click OK to save your changes.Specify the Payload Format as JSON - the log format in which the Strata Logging Service forwards logs.(Optional) To receive a STATUS NOTIFICATION when the Strata Logging Service is unable to connect to the OCI, enter the email address at which you’d like to receive the notification.You will continue to receive these notifications at least once every 60 minutes until connectivity is restored. If the connectivity issue is addressed within 72 hours, no logs will be lost. However, any log older than 72 hours following the service disconnection could be lost.Select the log type , Log source and optionally write a query to create filter to forward only the logs that are most critical to you. Save your changesIf you want to forward all logs of the type you selected, do not enter a query.Click Ok to complete the profile configuration.Verify that the Status of your forwarding profile is Running ().
![]()
(Optional) You can use the running OCI forwarding profile to forward past logs spanning up to 3 days.
