Manage Log Collection

All Palo Alto Networks firewalls can generate logs that provide an audit trail of firewall activities. For Centralized Logging and Reporting, you must forward the logs generated on the firewalls to your on-premise infrastructure that includes the Panorama™ management server or Log Collectors or send the logs to the cloud-based Cortex Data Lake. Optionally, you can then configure Panorama to forward the logs to external logging destinations (such as syslog servers).
If you forward logs to a Panorama virtual appliance in Legacy mode, you don’t need to perform any additional tasks to enable logging. If you forward logs to Log Collectors, you must configure them as managed collectors and assign them to Collector Groups. A managed collector can be local to an M-Series appliance, or Panorama virtual appliance in Panorama mode. Additionally, an M-Series appliance, or Panorama virtual appliance in Log Collector mode can be Dedicated Log Collectors. To determine whether to deploy either or both types of managed collectors, see Local and Distributed Log Collection.
To manage the System and Config logs that Panorama generates locally, see Monitor Panorama.

Recommended For You