Enable Log Forwarding to Panorama

To enable log forwarding to a Panorama log collector, use the following workflow:
  1. Before you begin: If you are enabling SSL for secure syslog communication between Panorama and the ESM Server(s), you must Set Up Secure Communication with Panorama.
  2. To configure a Panorama log collector to receive ESM and Traps logs, first define the log ingestion profile on Panorama:
    1. Select Panorama > Log Ingestion Profile, and click Add.
    2. Enter a Name for the profile.
    3. Add a new profile and enter the details for the ESM Server. You can add up to four ESM Servers to a profile.
    4. Enter a Source Name.
    5. Specify the Port on which Panorama will be listening for syslog messages. The range is 23000 to 23999.
    6. Select the Transport layer protocol—TCP, UDP, or SSL.
    7. Select Traps_ESM for External Log type and 3.4.1+ from the Version drop-down.
    As Traps log formats are updated, the updated log definitions will be available through content updates on Panorama.
  3. Attach the log ingestion profile to a Collector Group.
    1. Select Panorama > Collector Groups > Log Ingestion and Add the log ingestion profile so that the Collector Group can receive logs from the ESM Server(s) listed in the profile.
      If you are enabling SSL for secure syslog communication between Panorama and the ESM Server(s), verify that an Inbound Certificate for Secure Syslog is selected. For more information, see Set Up Secure Communication with Panorama.
    2. Commit changes to Panorama and the Collector Group.
  4. Enable log forwarding to Panorama on the ESM Console.
    If you use a Panorama High Availability (HA) configuration, you can also specify the server and port information of the redundant server. Panorama in HA provides redundancy in the event of a system or network failure.
    1. From the ESM Console, select Settings > ESM > Panorama.
    2. Enable log forwarding to Panorama.
    3. Configure the following settings:
      • Panorama Server—Hostname or IP address of the Panorama server.
      • Panorama Server Port—Port on which Panorama will be listening for syslog messages.
      • Panorama Failover Server (Optional)—Hostname or IP address of a secondary Panorama server.
      • Panorama Failover Server Port—Port on which the secondary Panorama server will be listening for syslog messages.
      • Communication Protocol—Transport layer protocol that the ESM uses to send logs to Panorama: TCP, TCP with SSL, or UDP. If you are enabling SSL for secure syslog communication between Panorama and the ESM Server(s), you must also import the Panorama root CA certificate onto the ESM Server as described in the following step.
    4. Click Save.
  5. Verify connectivity between the ESM and Panorama.
    Click Check Connectivity. The ESM Console sends a test communication to the external logging platform using the settings you configured. If you do not receive the test message, confirm that your settings are correct and then try again.
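
The port and protocol entered on the ESM Console have to match what the log ingestion profile defines on Panorama. The following Python script is an added example, not part of the Traps or Panorama product: it checks a planned configuration against the limits stated in the steps above. The class names and finding names are hypothetical, the sample values are constructed, and pairing Panorama's SSL transport with the ESM Console's TCP with SSL option is an assumption.

```python
from dataclasses import dataclass

PORT_RANGE = range(23000, 24000)      # Panorama listening port: 23000 to 23999
MAX_ESM_SERVERS = 4                   # per log ingestion profile
# Panorama transport -> ESM Console "Communication Protocol".
# Assumption: Panorama "SSL" pairs with ESM "TCP with SSL".
PANORAMA_TO_ESM = {"TCP": "TCP", "UDP": "UDP", "SSL": "TCP with SSL"}

@dataclass
class IngestionProfile:               # Panorama side (steps 2 and 3)
    port: int
    transport: str
    esm_servers: list
    inbound_cert_selected: bool = False

@dataclass
class EsmForwarding:                  # ESM Console side (step 4)
    panorama_port: int
    protocol: str
    root_ca_imported: bool = False

def check(profile, esm):
    """Return findings; entries starting with 'warn:' do not stop forwarding."""
    findings = []
    if profile.port not in PORT_RANGE:
        findings.append("port-out-of-range")
    if not 1 <= len(profile.esm_servers) <= MAX_ESM_SERVERS:
        findings.append("esm-server-count")
    if esm.panorama_port != profile.port:
        findings.append("port-mismatch")
    expected = PANORAMA_TO_ESM.get(profile.transport)
    if expected is None:
        findings.append("unknown-transport")
    elif expected != esm.protocol:
        findings.append("protocol-mismatch")
    if profile.transport == "SSL":
        if not profile.inbound_cert_selected:
            findings.append("no-inbound-certificate")
        if not esm.root_ca_imported:
            findings.append("root-ca-not-imported")
    elif expected is not None:
        # Plain TCP or UDP syslog is sent unencrypted.
        findings.append("warn:cleartext-syslog")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    profile = IngestionProfile(23514, "SSL", ["esm1.example.internal"], True)
    esm = EsmForwarding(panorama_port=23514, protocol="TCP")
    print(check(profile, esm))
```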