To maximize the efficiency of your incident
response and monitoring operations, you can now create custom log forwarding filters
based on any log attributes (such as threat type or source user).
Instead of forwarding all logs or all logs of specific severity
levels, you can use the filters to forward just the information
you want to monitor or act on. For example, a security operations
analyst who investigates malware attacks might be interested only
in Threat logs with the type attribute set to wildfire-virus.

Configure a server profile for each external service
that will receive logs from the firewall. The profiles define how
the firewall connects to the services.
For example, to configure an HTTP server profile, select

Log Forwarding profile to define the destinations for Traffic, Threat,
WildFire Submission, URL Filtering, Data Filtering, Tunnel and Authentication
In each Log Forwarding profile,
match list profiles
to specify log query filters,
forwarding destinations, and automatic actions such as tagging.
In each match list profile,
based on log attributes.

Assign the Log Forwarding profile to policy rules and
The firewall generates and forwards logs based on traffic
that matches the rules and zones. Security, Authentication, and
DoS Protection rules support log forwarding. For example, to assign
the profile to a Security rule, select
, edit the rule, select
and select the

and configure the destinations
for System, Configuration, User-ID, HIP Match, and Correlation logs.
For each log type that the firewall will forward,
or more match list profiles as you did in the Log Forwarding profile.

PA-7000 Series firewalls only
to configure a log card interface for log

Verify the log destinations you configured are receiving
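
To check at a destination that a filter like the wildfire-virus one described above forwards only what was intended, the received lines can be audited. The following Python script is an added example, not vendor code: it assumes syslog delivery in the default comma-separated layout, and `audit_forwarded` and the sample lines are constructed for illustration.

```python
import csv
from collections import Counter

# Assumption: default PAN-OS syslog CSV layout, in which the 4th field is the
# log type and the 5th is the subtype (the Threat log "type" attribute).
# Check the syslog field reference for your PAN-OS release before relying on it.
TYPE_IDX, SUBTYPE_IDX = 3, 4


def audit_forwarded(lines, want_type="THREAT", want_subtype="wildfire-virus"):
    """Classify received lines as matching the intended filter or not.

    Returns (matched, unexpected, malformed): a count, a Counter keyed by
    (type, subtype), and a list of 1-based line numbers that failed to parse.
    """
    matched, unexpected, malformed = 0, Counter(), []
    for lineno, raw in enumerate(lines, 1):
        try:
            # csv handles quoted fields that contain commas (file names, URLs).
            # The syslog header stays glued to field 0, which is not inspected.
            fields = next(csv.reader([raw.strip()]))
            log_type = fields[TYPE_IDX].strip().upper()
            subtype = fields[SUBTYPE_IDX].strip().lower()
        except (StopIteration, IndexError, csv.Error):
            malformed.append(lineno)
            continue
        if (log_type, subtype) == (want_type, want_subtype):
            matched += 1
        else:
            unexpected[(log_type, subtype)] += 1
    return matched, unexpected, malformed


# Constructed sample input (not real firewall output), cut to the leading fields.
SAMPLE = [
    "<14>Apr  4 10:00:01 fw01 1,2024/04/04 10:00:01,000000000001,THREAT,wildfire-virus,0,192.0.2.10",
    '<14>Apr  4 10:00:02 fw01 1,2024/04/04 10:00:02,000000000001,THREAT,wildfire-virus,0,"report, final.exe"',
    "<14>Apr  4 10:00:03 fw01 1,2024/04/04 10:00:03,000000000001,THREAT,vulnerability,0,192.0.2.11",
    "<14>Apr  4 10:00:04 fw01 1,2024/04/04 10:00:04,000000000001,TRAFFIC,end,0,192.0.2.12",
    "<14>Apr  4 10:00:05 fw01 truncated line",
]

if __name__ == "__main__":
    matched, unexpected, malformed = audit_forwarded(SAMPLE)
    print(f"matched={matched} malformed_lines={malformed}")
    for (log_type, subtype), count in unexpected.most_common():
        print(f"outside filter: {log_type}/{subtype} x{count}")
```

Any entry reported as outside the filter means the match list is broader than intended; zero matched lines over a period in which the firewall logged matching events points to a filter or server profile problem.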