Cortex Data Lake Logging for Firewalls without Panorama

Palo Alto Networks® Cortex Data Lake provides cloud-based, centralized log storage and aggregation for firewalls and certain services, including GlobalProtect cloud service and Traps management service. With Cortex Data Lake, Palo Alto Networks takes care of the ongoing maintenance and monitoring of your logging infrastructure so that you can focus on your business.
Until PAN-OS 9.0.3, Panorama was required to onboard firewalls to Cortex Data Lake and to view logs stored in Cortex Data Lake. Now, with PAN-OS 9.0.3 and later, you can enable firewalls that are not managed by Panorama to securely connect and log to Cortex Data Lake.
Here’s how to get started after you’ve upgraded your firewalls to PAN-OS 9.0.3:
  • Get your Cortex Data Lake license.
    Use the Cortex Sizing Calculator to calculate the amount of storage you might need in Cortex Data Lake.
    When you purchase Cortex Data Lake, all firewalls registered to your support account are licensed for Cortex Data Lake. You’ll also receive an auth code that you’ll use to activate Cortex Data Lake.
  • Activate Cortex Data Lake on the Cortex hub. Here you’ll generate a pre-shared key that the firewall requires to securely connect to Cortex Data Lake.
    Activating Cortex Data Lake also gives you access to apps that you can use to manage and view your log data:
    • Use the Cortex Data Lake app to allocate the amount of storage for each log type you want to forward, and to check Cortex Data Lake status.
    • Use Explore to search, filter, and export log data.
    • Use the Log Forwarding app to forward logs stored in Cortex Data Lake to a Syslog or email server.
  • Start forwarding firewall logs to Cortex Data Lake.
    This includes using the pre-shared key you generated on the Cortex hub to securely connect the firewall to Cortex Data Lake. Then, you’ll specify the log types you want the firewall to send to Cortex Data Lake.
Learn more about Cortex Data Lake, and how you can enable firewalls to start logging to the cloud.
