Policy Object: Log Forwarding
Use a Log Forwarding profile to centrally monitor log information
Where Can I Use This? | What Do I Need? |
- NGFW (Cloud Managed)
- NGFW (PAN-OS & Panorama Managed)
- Prisma Access (Managed by Strata Cloud Manager)
- Prisma Access (Managed by Panorama)
| Check for any license or role requirements for the products you're using. |
By default, the logs that get generated reside only in its local storage. However, you can use
Panorama™, Strata Logging Service, or external services (such as a syslog server)
to centrally monitor log information by defining a Log Forwarding profile and assigning
that profile to Security, Authentication, DoS Protection, and Tunnel Inspection security
rules. Log Forwarding profiles define forwarding destinations for the following log
types: Authentication, Data Filtering, GTP, SCTP, Threat, Traffic, Tunnel, URL
Filtering, and WildFire® Submissions logs.
Forward logs to Panorama or to external storage for many reasons, including: compliance,
redundancy, running analytics, centralized monitoring, and reviewing threat
behaviors and long-term patterns. In addition, the log storage capacity is limited
and the oldest logs are deleted as and when the storage space fills up. Be sure to
forward Threat logs and WildFire logs.
To enable a PA-7000 Series to forward logs or forward files to WildFire®, you must first
configure a Log Card Interface on the PA-7000 Series. As soon as you configure this
interface, this port is automatically used—there is no special configuration
required. Just configure a data port on one of the PA-7000 Series Network Processing
Cards (NPCs) as a Log Card interface type and ensure that the network that you use
can communicate with your log servers. For WildFire forwarding, the network must
communicate successfully with the WildFire cloud or WF-500 appliance (or both).
Configure a Log Forwarding Profile