>
    Strata Copilot
    Configure Log Forwarding (Strata Cloud Manager)
    Focus
    Download PDF
    Focus
    1. Home
    2. Network Security
    3. Network Security: Security Policy
    4. Policy Objects
    5. Policy Object: Log Forwarding
    6. Configure Log Forwarding (Strata Cloud Manager)
    Download PDF
    Network Security

    Configure Log Forwarding (Strata Cloud Manager)

    Table of Contents

    Configure Log Forwarding (Strata Cloud Manager)

    Use a Log Forwarding profile to centrally monitor log information
    Configure log forwarding profiles to send logs to external services such as Syslog, Email, SNMP, or HTTP servers. You can configure profiles for Data Plane logs (such as Traffic or Threat) or Management Plane logs (such as System or Config).
    Prerequisites
    • You must have a Server Profile configured (Syslog, HTTP, Email, or SNMP) to select as a destination.
    1. Log in to Strata Cloud Manager.
    2. Select ConfigurationNGFW and Prisma AccessObjectsLog Forwarding.
    3. Select the Configuration Scope where you want to create the profile such as Global, a specific Folder, or a Snippet.
    4. Select Add Log Forwarding Profile.
    5. Enter a descriptive Name for the profile.
    6. Select the Profile Type.
      • Data Plane: Select this to forward Traffic, Threat, WildFire, URL Filtering, Data Filtering, Tunnel, and Authentication logs. These profiles must be attached to security policy rules to take effect.
      • Management Plane: Select this to forward System, Config, User-ID, IP-Tag, HIP Match, and GlobalProtect logs. These profiles are pushed globally to the firewall's Device settings and are not attached to security policy rules.
      Once you save the profile, you cannot change the Profile Type.
    7. Select Add Profile Match List to create a match list entry. A match list specifies the log type, filters, and destination for the logs.
      • Enter a Name for the match list.
      • Enter a description.
      • Select the Log Type.
        • If you selected Management Plane, available types include System, Config, User-ID, IP-Tag, HIP Match, and GlobalProtect
      • (Optional) Configure a Filter.
        In the absence of a filter, all logs of the specific type are forwarded to the destination.
        • For System logs, you can filter by severity. For example, severity eq critical.
        • For other log types, you can filter by specific attributes supported by that log type.
      • Select the destination Server Profile (Syslog, Email, SNMP, or HTTP) where you want to forward the logs.
      • Select OK to save the match list.
    8. Select Save to create the Log Forwarding Profile.
    9. Apply the Log Forwarding Profile:
      • For Data Plane Profiles: You must assign the profile to a Security policy rule. Go to Security Services Security Policy, edit a rule, and add the profile under the Actions tab.
      • For Management Plane Profiles: You do not need to attach the profile to a rule. The configuration is applied directly to the firewall's Log Settings when you push the configuration.
    10. Select Push Config to activate your changes on the managed firewalls.
      Result After a successful push, verify the configuration on the firewall. For Management Plane profiles, the settings appear locally on the firewall under DeviceLog Settings.

    © 2026 Palo Alto Networks, Inc. All rights reserved.