The following table describes how log monitoring and report generation works in Panorama.
Distributed log collection
Panorama performs two functions—configuration and log collection. To facilitate scalability in large deployments, you can use an M-Series appliance to separate the management and log collection functions. Configuring firewalls to send logs to an M-Series appliance in Log Collector mode (Dedicated Log Collector) helps offload the traffic-intensive log collection process from your Panorama management server (an M-Series appliance in Panorama mode or a Panorama virtual appliance). For details, refer to Centralized Logging and Reporting
and Manage Log Collection
Panorama logs and reports provide information about user activity in the managed network. To view user and network activity on Panorama, you don’t need to configure log forwarding from firewalls to Panorama. Log forwarding is required for long-term log storage and for generating reports using logs stored locally in Panorama. If you enable log forwarding
, by default the firewalls buffer logs and send them at a predefined interval to Panorama, though you can change this setting (for details, see
Device > Setup > Management).
Application Command Center (ACC)
tab in Panorama, by default displays information stored locally on Panorama. You can however, change the data source so that Panorama accesses information from the connected firewalls; all the tables pull information dynamically and display an aggregated view of the traffic on your network. For details, see
Report generation and scheduling
You can generate and schedule custom reports on Panorama. For scheduled predefined and custom reports, the firewalls aggregate report statistics every 15 minutes and forward them to Panorama on an hourly basis. For details, see
Monitor > Manage Custom Reports.