Forward Logs to Panorama

The ESM supports additional log forwarding to Panorama. When integrated with the ESM, Panorama serves as a Syslog receiver that ingests logs from ESM components using Syslog over TCP, UDP or SSL. The ESM supports external log forwarding to up to two different devices—one of which can be to a log collector or a Panorama which also serves as a log collector—and to email. However, unlike the configuration for an external logging platform or email address, you cannot select individual events to forward to Panorama. Instead, the ESM automatically sends all events to Panorama.
Forwarding logs to a Panorama log collector yields the following benefits:
  • Panorama provides a single user interface through which you can view all ESM and Traps activity. This enables you to manage both network and endpoint health in one place.
  • Panorama can correlate discrete security-events that occur on the endpoints with what’s happening on the network to trace any suspicious or malicious activity across the endpoints and the firewall. This integrated view gives you more context on the chronology of events and the evidence you need to detect, identify, and respond to an incident.
Because a Panorama virtual appliance in legacy mode cannot ingest Traps logs, you must use a Panorama virtual appliance in Panorama mode.

Related Documentation