Forward Logs to Cortex Data Lake

Cortex Data Lake is Palo Alto Networks’ cloud-based logging infrastructure. Before you can configure your managed firewalls to send logs to Cortex Data Lake (previously called the Logging Service), you need to purchase a license for the volume of logs in your deployment, and install the cloud services plugin. If you already have on premise Log Collectors, you can use Cortex Data Lake to complement and augment your existing setup.
You can view logs forwarded to Cortex Data Lake in the last 30 days on Panorama. You are unable to view logs forwarded to Cortex Data Lake if forwarded logs are more than 30 days old or if you
Enable Duplicate Logging
. To view these logs, log in to the the hub and navigate to the Cortex Data Lake app to use the Explore tab to view the logs older than 30 days.
  1. For firewalls running PAN-OS 8.1 or later releases, you can opt to send logs to both the Cortex Data Lake and to your Panorama and on premise log collection setup when you select
    Enable Duplicate Logging (Cloud and On-Premise)
    . When enabled, the firewalls that belong to the selected Template will save a copy of the logs to both locations. You may select either
    Enable Duplicate Logging (Cloud and On-Premise)
    Enable Cortex Data Lake
    , but not both.

Recommended For You