By default, each firewall stores its log files locally.
To use Panorama for centralized log monitoring and report generation,
you must Configure Log Forwarding to Panorama. Panorama supports forwarding
logs to either a Log Collector, the Cortex Data Lake, or both
in parallel. You can also use external services for archiving, notification,
or analysis by forwarding logs to the services directly from the firewalls or from Panorama. External
services include syslog servers, email servers, SNMP trap servers,
or HTTP-based services. In addition to forwarding firewall logs,
you can forward the logs that the Panorama management server and
Log Collectors generate. The Panorama management server, Log Collector,
or firewall that forwards the logs converts them to a format that
is appropriate for the destination (syslog message, email notification,
SNMP trap, or HTTP payload).

- Forward logs from firewalls to Panorama and from Panorama
  to external services: This configuration is best for deployments
  in which the connections between firewalls and external services
  have insufficient bandwidth to sustain the logging rate, which is
  often the case when the connections are remote. This configuration
  improves firewall performance by offloading some processing to Panorama.
  You can configure each Collector Group to forward
  logs to different destinations.

- Forward logs from firewalls to Panorama and to external
  services in parallel: In this configuration, both Panorama and the
  external services are endpoints of separate log forwarding flows;
  the firewalls don't rely on Panorama to forward logs to external
  services. This configuration is best for deployments in which the
  connections between firewalls and external services have sufficient
  bandwidth to sustain the logging rate, which is often the case when
  the connections are local.