If you want to archive Cortex Data Lake logs for long-term storage, for SOC or internal audit, or to fulfill your organization's legal compliance requirements, the Log Forwarding app enables you to forward these logs to external destinations. For example, you can forward logs using Syslog to a SIEM for long-term storage, SOC, or internal audit obligations, and forward email notifications for critical events to an email address. Here, you'll find what you need to start forwarding Cortex Data Lake log data.
The Log Forwarding App Release Notes detail the latest Log Forwarding App features and the issues that we're working on.
You can now forward Cortex XDR – Investigation and Response alerts to an external Syslog receiver or email.
Get email updates when the Log Forwarding app is not able to connect to your Syslog server, so that you can quickly restore Syslog connectivity and resume log forwarding.
You can now forward Cortex XDR — Analytics (Magnifier) alert logs to either a Syslog destination, or to the destination of your choice using email.
See all Log Forwarding app release updates...
Log Forwarding App Essentials
Tech Docs: You'll Want to Forward This!
Logging Service Privacy Datasheet
Cortex Data Lake
Get started with the Palo Alto Networks Log Forwarding app and begin forwarding logs from the Logging Service to a Syslog server.
Manage App Roles
The roles assigned to your account determine what you are able to do with any given app.
Cortex Data Lake Getting Started
Cortex Data Lake License Activation
Determine whether you need to activate your Cortex Data Lake (formerly called the Logging Service) license on the CSP or on the Cloud Services portal.
TCP Ports and FQDNs Required for Cortex Data Lake
List of FQDNs and ports that you must allow to ensure connectivity to the Cortex Data Lake.