Enhanced Application Logging

Enhanced application logging allows the firewall to collect data specifically intended to increase visibility into network activity for the Palo Alto Networks apps and services. For example, with this extended network visibility, Magnifier—the Palo Alto Networks behavior analytics service—can better understand your normal network behavior, in order to recognize unusual behavior that might indicate attacker reconnaissance or lateral movement.
The data this feature collects is designed strictly for Palo Alto Networks apps and services to consume and process (you cannot view enhanced application logs). Only turn on this feature in consultation with your Systems Engineer (SE) and after also enabling the Palo Alto Networks logging service.
To turn on
Enable Enhanced Application Logging
, select
Device
Setup
Management
Logging Service
on the firewall web interface:
logging-service-enhanced-logging-button.png
Then, update the log forwarding profiles that are attached to your security policy rules to
Enable enhanced application logging to Logging Service
(
Objects
Log Forwarding
).
forwarding-profile-enhanced-app-logs.png
Notice that when you enable enhanced application logging in a Log Forwarding profile, match lists that specify the log types required for enhanced application logging are automatically added to the profile. If the Log Forwarding profile that you’ve updated is not yet attached to a security policy rule, be sure to add it to security policy rules to trigger log generation and forwarding for the traffic matched to those rules (select
Policies
Security
Actions
Log Forwarding
and select the Log Forwarding profile enabled with enhanced application logging).

Related Documentation