MENU

Home | Panorama | Panorama™ Administrator’s Guide

| Manage Log Collection
| Configure Log Forwarding from Panorama to External
Destinations

Document: Panorama™
Administrator’s Guide

Configure Log
Forwarding from
Panorama to
External
Destinations
DOWNLOAD PDF #

LAST Mon Mar 11 12:49:13 PDT

UPDATED: 2019
CURRENT VERSION: 7.1 #

! PREVIOUS NEXT "

Panorama enables you to forward logs to external

servers, including syslog, email, and SNMP trap
servers. Forwarding firewall logs from Panorama
reduces the load on the firewalls and provides a
reliable and streamlined approach to forwarding
logs to remote destinations. You can also forward
logs that Panorama and its managed collectors
generate.

To forward firewall logs directly to ex-

ternal services and also to Panorama,
see Configure Log Forwarding. For de-
tails about all the log collection deploy-
ments that Panorama supports, see Log
Forwarding Options. On a Panorama
virtual appliance running Panorama 5.1
or earlier releases, you can use Secure
Copy (SCP) commands from the CLI to

$ export the entire log database to an

SCP server and import it to another
Panorama virtual appliance. A Panora-
ma virtual appliance running Panorama
6.0 or later releases, and M-Series ap-
pliances running any release, do not
support these options because the log
database on those appliances is too
large for an export or import to be
practical.

STEP 1 !
Configure the firewalls to forward logs to
Panorama.

Configure Log Forwarding to Panorama.

STEP 2 !
Configure a server profile for each external
service that will receive log data.

1 Select Panorama > Server Profiles and select

the type of server that will receive the log data:
SNMP Trap, Syslog, or Email.

2 Configure the server profile. Optionally, you

can configure separate profiles for different log
types and severity levels or WildFire verdicts.

• Configure an SNMP Trap server profile. For

details on how Simple Network
Management Protocol (SNMP) works for
Panorama and Log Collectors, refer to
SNMP Support.

• Configure a Syslog server profile. If the

syslog server requires client authentication,
use the Panorama > Certificate
Management > Certificates page to create
a certificate for securing syslog
communication over SSL.

• Configure an Email server profile.

STEP 3 !
Configure destinations for:

Firewall logs that a Panorama virtual

appliance collects.

Logs that Panorama (a virtual

appliance or M-Series appliance) and
managed collectors generate.

1 Select Panorama > Log Settings.

2 For System, Correlation, and Threat logs, click

each Severity level, select the SNMP Trap,
Email, or Syslog server profile you just created,
and click OK.

3 For WildFire logs, click each Verdict, select the

SNMP Trap, Email, or Syslog server profile you
just created, and click OK.

4 For Config, HIP Match, and Traffic logs, edit the

corresponding section, select the SNMP Trap,
Email, or Syslog server profile you just created,
and click OK.

STEP 4 !
( M-Series appliance only ) Configure
destinations for firewall logs that an M-
Series appliance in Panorama or Log
Collector mode collects.

Each Collector Group can forward logs to

different destinations. If the Log Collectors are
local to a high availability (HA) pair of M-Series
appliances in Panorama mode, you must log
into each HA peer to configure log forwarding
for its Collector Group.

1 Select Panorama > Collector Groups and

select the Collector Group that receives the
firewall logs.

2 ( SNMP trap forwarding only ) Select the

Monitoring tab and configure the settings.

3 Select the Collector Log Forwarding tab.

4 For each log Severity level in the System,

Threat, and Correlation tabs, click a cell in the
SNMP Trap, Email Profile, or Syslog Profile
column, and select the server profile you just
created.

5 In the Config, HIP Match, and Traffic tabs,

select the SNMP Trap, Email, or Syslog server
profile you just created.

6 For each Verdict in the WildFire tab, click a cell

in the SNMP Trap, Email Profile, or Syslog
Profile column, and select the server profile
you just created.

7 Click OK to save your changes to the Collector

Group.

STEP 5 !
( Syslog forwarding only ) If the syslog
server requires client authentication and
the firewalls forward logs to Dedicated Log
Collectors, assign a certificate that secures
syslog communication over SSL.

Perform the following steps for each Dedicated Log

Collector:

1 Select Panorama > Managed Collectors and

select the Log Collector.

2 In the General tab, select the Certificate for

Secure Syslog and click OK.

STEP 6 !
( SNMP trap forwarding only ) Enable your
SNMP manager to interpret traps.

Load the Supported MIBs and, if necessary, compile

them. For the specific steps, refer to the
documentation of your SNMP manager.

STEP 7 !
Commit your configuration changes.

1 Click Commit, set the Commit Type to

Panorama, and click Commit again.

2 Click Commit, set the Commit Type to Device

Group, select all the device groups of the
firewalls from which Panorama collects logs,
Include Device and Network Templates, and
click Commit again.

3 ( M-Series appliance only ) Click Commit, set

the Commit Type to Collector Group, select
the Collector Group you just configured to
forward logs, and click Commit again.
"
STEP 8 !
Verify the external services are receiving
logs from Panorama.

 Email server—Verify that the specified recipients

are receiving logs as email notifications.

 Syslog server—Refer to the documentation for

your syslog server to verify it is receiving logs as
syslog messages.

 SNMP manager— Use an SNMP Manager to

Explore MIBs and Objects to verify it is receiving
logs as SNMP traps.

! PREVIOUS NEXT "

Related Documentation
Configure Log
Forwarding from…
Panorama to External
Panorama enables you to forward logs to
external servers, including syslog, email,
and SNMP trap servers. ... Forwarding…
firewall logs from Panorama reduces the
load on the firewalls and provides a...

Verify Log Forwarding to

Panorama
Version 8.0 ... Version 7.1 ... After you
Configure Log Forwarding to Panorama,
test that your configuration succeeded. .…
If you configured Log Collectors, verify
that each firewall has a log for...

Configure Log
Forwarding to Panorama
By default, firewalls store all log files
locally. ... To aggregate logs on Panorama,
you must configure the firewalls to…
forward logs to Panorama. ... To forward
firewall logs directly to external...

Configure Log
Forwarding
To use Panorama or Use External Services
for Monitoring the firewall, you must
configure the firewall to forward its logs…
... Before forwarding to external services,
the firewall automatically con...

TECHNICAL DOCUMENTATION

Release Notes
Search
Blog
Compatibility Matrix
OSS Listings
Sitemap

COMPANY

About
Careers
Customer Support
LIVE Community
Knowledge Base

LEGAL NOTICES

Privacy
Terms of Use
Documents
GDPR Readiness

© 2019 Palo Alto Networks, Inc. All rights reserved.