Panorama System and Configuration Logs

You can configure Panorama to send notifications when a system event or configuration change occurs. By default, Panorama records every configuration change in the Config logs. In the System logs, each event has a severity level to indicate its urgency and impact. When you Configure Log Forwarding from Panorama to External Destinations, you can forward all System and Config logs or filter the logs based on attributes such as the receive time or severity level (System logs only). The following table summarizes the severity levels for System logs:
Indicates a failure and the need for immediate attention, such as a hardware failure, including high availability (HA) failover and link failures.
Serious issues that will impair the operation of the system, including disconnection of a Log Collector or a commit failure.
Mid-level notifications, such as Antivirus package upgrades, or a Collector Group configuration push.
Minor severity notifications, such as user password changes.
Notification events such as log in or log out, any configuration change, authentication success and failure notifications, commit success, and all other events that the other severity levels don’t cover.
Panorama stores the System and Config logs locally; the exact location and storage capacity varies by Panorama model (see Log and Report Storage). Upon reaching the capacity limit, Panorama deletes the oldest logs to create space for new logs. If you need to store the logs for longer periods than what the local storage allows, you can Configure Log Forwarding from Panorama to External Destinations.
For information on using Panorama to monitor firewall logs, see Monitor Network Activity.

Related Documentation