| Where Can I Use This? | What Do I Need? |
|---|---|
| | For Strata Cloud Manager managed NGFWs: Strata Cloud Manager Pro - Strata Cloud Manager Essentials |

In an environment where you use multiple firewalls to control and analyze network
traffic, any single firewall can display logs and reports only for the traffic it
monitors. Because logging in to multiple firewalls makes monitoring cumbersome,
you can achieve global visibility into network activity more efficiently by
forwarding the logs from all firewalls to Panorama or external services. If you
use external services for monitoring, the firewall automatically converts the logs
to the necessary format: syslog messages, SNMP traps, email notifications, or an
HTTP payload that sends the log details to an HTTP(S) server. Where some teams in
your organization work more efficiently by monitoring only the logs that are
relevant to their operations, you can create forwarding filters based on any log
attributes (such as threat type or source user). For example, a security
operations analyst who investigates malware attacks might be interested only in
Threat logs with the type attribute set to wildfire-virus.

By default, logs are forwarded over the management interface unless you configure a
dedicated service route to forward logs. Forwarded logs have a maximum log record
size of 4,096 bytes. A forwarded log whose record size exceeds the maximum is
truncated at 4,096 bytes; logs that do not exceed the maximum log record size are
forwarded without truncation.
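
A receiver-side check for the 4,096-byte truncation described above, as an added example that is not Palo Alto Networks code. It assumes the collector passes each log record as bytes with any transport header already removed, that fields are comma-separated with double-quote quoting, and that `expected_fields` matches your configured log format; the sample records are constructed.

```python
import csv
import io

MAX_RECORD_BYTES = 4096  # maximum forwarded log record size stated above


def classify_record(raw: bytes, expected_fields: int) -> str:
    """Classify one received record as ok, malformed, at-limit or truncated.

    Assumptions: raw is the log record alone (collector already removed any
    transport header), fields are comma-separated with double-quote quoting,
    and expected_fields is the field count of the configured log format.
    """
    at_limit = len(raw) >= MAX_RECORD_BYTES
    text = raw.decode("utf-8", errors="replace")  # a cut may split a UTF-8 char
    unbalanced = text.count('"') % 2 == 1  # quoted field cut before closing quote
    try:
        fields = next(csv.reader(io.StringIO(text)))
    except (csv.Error, StopIteration):
        fields = []
    incomplete = unbalanced or len(fields) < expected_fields
    if at_limit:
        # Complete-looking records at the cap may still have lost bytes from
        # the final field, so they are reported separately for review.
        return "truncated" if incomplete else "at-limit"
    return "malformed" if incomplete else "ok"


def audit(records, expected_fields):
    """Count classifications so a collector can alert on truncation."""
    counts = {"ok": 0, "malformed": 0, "at-limit": 0, "truncated": 0}
    for raw in records:
        counts[classify_record(raw, expected_fields)] += 1
    return counts


def make_sample(url_len: int) -> bytes:
    """Constructed 5-field record; sliced to mimic the 4,096-byte truncation."""
    full = '1,2024/01/01 00:00:00,THREAT,"http://example.test/%s",alert' % ("a" * url_len)
    return full.encode()[:MAX_RECORD_BYTES]


if __name__ == "__main__":
    print(audit([make_sample(10), make_sample(5000), b"1,2,3"], expected_fields=5))
```

A rising `truncated` count means fields at the end of the record are being lost before they reach the SIEM, so detections that depend on those fields should be reviewed.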

Log forwarding is supported only for supported log fields. Forwarding logs that
contain unsupported log fields or pseudo-fields causes the firewall to crash.

You can use Secure Copy (SCP) commands from the CLI to export the entire log
database to an SCP server and import it to another firewall. Because the log
database is too large for an export or import to be practical on the PA-7000
Series firewall, it does not support these options. You can also use the web
interface on all platforms to view and manage reports, but only on a per log type
basis, not for the entire log database.