Forward Logs to Cortex Data Lake
Cortex Data Lake is Palo Alto Networks’ cloud-based
logging infrastructure. Before you can configure your managed firewalls
to send logs to Cortex Data Lake (previously called the Logging
Service), you need to purchase a license for the volume of logs
in your deployment, and install the cloud services plugin. If you
already have on premise Log Collectors, you can use Cortex Data
Lake to complement and augment your existing setup.
You can view logs forwarded
to Cortex Data Lake in the last 30 days on Panorama. You are unable
to view logs forwarded to Cortex Data Lake if forwarded logs are more
than 30 days old or if you
Enable Duplicate Logging
.
To view these logs, log in to the the hub and navigate to
the Cortex Data Lake app to use the Explore tab to view the
logs older than 30 days.- For firewalls running PAN-OS 8.1 or later releases, you can opt to send logs to both the Cortex Data Lake and to your Panorama and on premise log collection setup when you selectEnable Duplicate Logging (Cloud and On-Premise). When enabled, the firewalls that belong to the selected Template will save a copy of the logs to both locations. You may select eitherEnable Duplicate Logging (Cloud and On-Premise)orEnable Cortex Data Lake, but not both.
