Forward Logs to Cortex Data Lake

Cortex Data Lake is Palo Alto Networks’ cloud-based logging infrastructure. Before you can configure your managed firewalls to send logs to Cortex Data Lake, you need to purchase a license for the volume of logs in your deployment and install the cloud services plugin. If you already have on-premises Log Collectors, you can use the Logging Service to complement and augment your existing setup.
  1. For firewalls running PAN-OS 8.1, you can opt to send logs to both Cortex Data Lake and your Panorama and on-premises log collection setup by selecting Enable Duplicate Logging (Cloud and On-Premise). When enabled, the firewalls that belong to the selected Template save a copy of the logs to both locations. You may select either Enable Duplicate Logging (Cloud and On-Premise) or Enable Logging Service, but not both.
    When you Enable Duplicate Logging (Cloud and On-Premise), managed firewalls save a copy of all log data to both the Log Collector and Cortex Data Lake, except for system and configuration logs, which are sent to the Log Collector only.
