Forward Logs to Cortex Data Lake

Cortex Data Lake is Palo Alto Networks’ cloud-based logging infrastructure. Before you can configure your managed firewalls to send logs to Cortex Data Lake (previously called the Logging Service), you need to purchase a license for the volume of logs in your deployment, and install the cloud services plugin. If you already have on premise Log Collectors, you can use Cortex Data Lake to complement and augment your existing setup.
  1. For firewalls running PAN-OS 8.1 or later releases, you can opt to send logs to both the Cortex Data Lake and to your Panorama and on premise log collection setup when you select
    Enable Duplicate Logging (Cloud and On-Premise)
    . When enabled, the firewalls that belong to the selected Template will save a copy of the logs to both locations. You may select either
    Enable Duplicate Logging (Cloud and On-Premise)
    or
    Enable Logging Service
    , but not both.
    logging-service-duplicate-logging.png

Related Documentation