Track activity of Panorama™ management server administrators
on the web interface or CLI for auditing purposes.
| Where Can I Use This? | What Do I Need? |
- NGFW (Managed by Panorama)
|
|
Track administrator activity on the web interface
and CLI of your Panorama™ management server, managed firewalls,
and Log Collectors to achieve real time reporting of activity across
your deployment. If you have reason to believe an administrator
account is compromised, you have a full history of where this administrator
account navigated throughout the web interface or what operational commands
they executed so you can analyze in detail and respond to all actions
the compromised administrator took.
When an event occurs, an audit log is generated and forwarded to the specified syslog server each
time an administrator navigates through the web interface or when an
operational command is executed in the
CLI. An audit log is generated for each navigation or commend executed. Take for
example if you want to create a new address object. An audit log is generated when
you click on
Objects, and a second audit log is generated
when you then click on Addresses.
Audit logs are only visible as syslogs forwarded to your syslog server and cannot be viewed in
the Panorama or managed firewall web interface. Audit logs can only be forwarded to
a syslog server, cannot be forwarded to Strata Logging Service, and are not
stored locally on the firewall, Panorama, or Log Collector.