All Palo Alto Networks firewalls can generate logs that
provide an audit trail of firewall activities. For Centralized
Logging and Reporting, you must forward the logs generated
on the firewalls either to your on-premises infrastructure, which includes
the Panorama™ management server or Log Collectors, or to
the cloud-based Cortex Data Lake. Optionally, you can then configure
Panorama to forward the logs to external logging destinations (such
as syslog servers).
If you forward logs to a Panorama virtual appliance in Legacy
mode, you don’t need to perform any additional tasks to enable logging.
If you forward logs to Log Collectors, you must configure them as
managed collectors and assign them to Collector Groups. A managed
collector can be local to an M-Series appliance or a Panorama virtual
appliance in Panorama mode. Additionally, an M-Series appliance
or a Panorama virtual appliance in Log Collector mode can be a Dedicated
Log Collector. To determine whether to deploy either or both types
of managed collectors, see Local and Distributed Log Collection.
To manage the System and Config logs that Panorama generates
locally, see Monitor