>
    Policy Object: Log Forwarding
    Focus
    Download PDF
    Focus
    1. Home
    2. Network Security
    3. Network Security: Security Policy
    4. Policy Objects
    5. Policy Object: Log Forwarding
    Download PDF
    Network Security

    Policy Object: Log Forwarding

    Table of Contents

    Policy Object: Log Forwarding

    Use a Log Forwarding profile to centrally monitor log information
    Where Can I Use This?
    What Do I Need?
    • NGFW (Cloud Managed)
    • NGFW (PAN-OS & Panorama Managed)
    • Prisma Access (Managed by Strata Cloud Manager)
    • Prisma Access (Managed by Panorama)
    Check for any license or role requirements for the products you're using.
    By default, the logs that get generated reside only in its local storage. However, you can use Panorama™, Cortex Data Lake, or external services (such as a syslog server) to centrally monitor log information by defining a Log Forwarding profile and assigning that profile to Security, Authentication, DoS Protection, and Tunnel Inspection security rules. Log Forwarding profiles define forwarding destinations for the following log types: Authentication, Data Filtering, GTP, SCTP, Threat, Traffic, Tunnel, URL Filtering, and WildFire® Submissions logs.
    Forward logs to Panorama or to external storage for many reasons, including: compliance, redundancy, running analytics, centralized monitoring, and reviewing threat behaviors and long-term patterns. In addition, the log storage capacity is limited and the oldest logs are deleted as and when the storage space fills up. Be sure to forward Threat logs and WildFire logs.
    To enable a PA-7000 Series to forward logs or forward files to WildFire®, you must first configure a Log Card Interface on the PA-7000 Series. As soon as you configure this interface, this port is automatically used—there is no special configuration required. Just configure a data port on one of the PA-7000 Series Network Processing Cards (NPCs) as a Log Card interface type and ensure that the network that you use can communicate with your log servers. For WildFire forwarding, the network must communicate successfully with the WildFire cloud or WF-500 appliance (or both).

    Configure a Log Forwarding Profile

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.