Panorama 9.x or 10.x Log Forwarding and Accountability

Overview

For general information about sending syslogs, see Sending Additional Information using Syslog.

Panorama log forwarding requires you to:

• Forward traffic logs to Panorama - If the firewall was imported via Panorama, SecureTrack will not recognize logs sent directly by the firewall. The logs must be sent by the firewall to Panorama, and then Panorama forwards the traffic logs to SecureTrack
• Enable accountability - Enabling accountability ensures that firewall changes made by SecureChange and manual firewall changes made via Panorama are seen by SecureTrack.

For more information, see the Palo Alto Networks technical documentation site:

• For PanOS 9: Configure Log Forwarding and Device > Server Profiles > Syslog

• For PanOS 10: Configure Log Forwarding and Device > Server Profiles > Syslog

Forward Traffic Logs to Panorama

These steps will explain how to send the firewall traffic logs to a Panorama device (for Panorama version 9.x), and then configure the Panorama to forward the logs to SecureTrack.

1. Log into the Panorama device.

2. Modify a log forwarding profile to enable the log forwarding for the Panorama device.

1. In the Objects tab, navigate to Log Forwarding.

2. Click on the link of the log forwarding profile.



The Log Forwarding Profile dialog box is displayed.



3. Click on a log forwarding profile match list link.

The Log Forwarding Profile Match List dialog box is displayed.



4. Select Panorama/Logging Service.

5. In the Syslog area, select an existing syslog profile or click Add to create a syslog profile.

6. Click OK and OK.

3. Add SecureTrack to the syslog server profile to ensure that the Panorama forwards the logs to SecureTrack.

   1. In the Devices tab, navigate to Syslog (under Server Profiles).

   2. Click on the link of the syslog server profile to which you want to add SecureTrack.

   

   The Syslog Server Profile dialog box is displayed.

   

   3. Click the Add button, and enter the details of the SecureTrack server.

      • Name: The name of the SecureTrack server.

      • Syslog Server: The IP address of the syslog server.

      • Facility: LOG_LOCAL7 facility .

4. Click OK.

Enable Accountability

1. In the Panorama tab, navigate to Server Profiles > Syslog.

2. Add a new syslog server profile.

   1. From the bottom of the screen, select +Add.

      The Syslog Server Profile dialog box appears.

   2. Enter a name for your syslog server profile.

   3. +Add at least one syslog server. The syslog server must direct to syslog-vip.

      

3. In the Panorama tab, navigate to Log Settings.

4. In the Configuration table, click the Add button to configure a new log.

   

The Log Settings - Configuration dialog box is displayed.



5. In the Forward Method table:

   1. Select Syslog

   2. Click the Add button, and select the Syslog Server Profile you added in Step 2.

6. Click OK.