Panorama aggregates logs from all managed firewalls
and enables reporting on the aggregated data for a global view of
application use, user activity, and traffic patterns across the
entire network. As soon as the firewalls are added to Panorama,
the ACC can display all traffic traversing your network. With logging enabled,
clicking into a log entry in the ACC provides direct access to granular
details about the application.
For generating reports, Panorama uses two sources: the local
Panorama database and the remote firewalls that it manages. The
Panorama database refers to the local storage on Panorama that is
allocated for storing both summarized logs and some detailed logs.
If you have a distributed Log Collection deployment, the Panorama
database includes the local storage on Panorama and all the managed
Log Collectors. Panorama summarizes the information—traffic, application,
threat— collected from all managed firewalls at 15-minute intervals.
Using the local Panorama database allows for faster response times, however,
if you prefer to not forward logs to Panorama, Panorama can directly
access the remote firewall and run reports on data that is stored
locally on the managed firewalls.
Panorama offers more than 40 predefined reports that can be used
as is, or they can be customized by combining elements of other
reports to generate custom reports and report groups that can be
saved. Reports can be generated on demand, on a recurring schedule,
and can be scheduled for email delivery. These reports provide information
on the user and the context so that you correlate events and identify patterns,
trends, and potential areas of interest. With the integrated approach
to logging and reporting, the ACC enables correlation of entries
from multiple logs relating to the same event.