The ESM supports additional log forwarding to Panorama.
When integrated with the ESM, Panorama serves as a Syslog receiver
that ingests logs from ESM components using Syslog over TCP, UDP
or SSL. The ESM supports external log forwarding to up to two different devices—one
of which can be a log collector or a Panorama that also serves
as a log collector—and to email. However, unlike the configuration
for an external logging platform or email address, you cannot select
individual events to forward to Panorama. Instead, the ESM automatically
sends all events to Panorama.
Forwarding logs to a Panorama log collector yields the following benefits:
Panorama provides a single user interface through which
you can view all ESM and Traps activity. This enables you to manage
both network and endpoint health in one place.
Panorama can correlate discrete security events that
occur on the endpoints with what’s happening on the network to trace
any suspicious or malicious activity across the endpoints and the
firewall. This integrated view gives you more context on the chronology
of events and the evidence you need to detect, identify, and respond
to an incident.
Because a Panorama virtual appliance in legacy mode cannot
ingest Traps logs, you must use a Panorama virtual appliance in