By default, each firewall stores its log files locally.
To use Panorama for centralized log monitoring and report generation,
you must configure log forwarding to Panorama. You can also use external services for archiving, notification,
or analysis by forwarding logs to the services directly from the firewalls or from Panorama. External services
include syslog servers, email servers, SNMP trap servers, or HTTP-based
services. In addition to forwarding firewall logs, you can forward
the logs that the Panorama management server and Log Collectors
generate. The Panorama management server, Log Collector, or firewall
that forwards the logs converts them to a format that is appropriate
for the destination (syslog message, email notification, SNMP trap,
or HTTP payload).

Forward logs from firewalls to Panorama and from Panorama
to external services—This configuration is best for deployments
in which the connections between firewalls and external services have
insufficient bandwidth to sustain the logging rate, which is often
the case when the connections are remote. This configuration improves
firewall performance by offloading some processing to Panorama.
You can configure each Collector Group to forward
logs to different destinations.

Forward logs from firewalls to Panorama and to external
services in parallel—In this configuration, both Panorama and the
external services are endpoints of separate log forwarding flows;
the firewalls don’t rely on Panorama to forward logs to external
services. This configuration is best for deployments in which the
connections between firewalls and external services have sufficient bandwidth
to sustain the logging rate, which is often the case when the connections