On This Page
Panorama 9.x or 10.x Log Forwarding and Accountability
Overview
For general information about sending syslogs, see Sending Additional Information using Syslog.
Panorama log forwarding requires you to do the following:
- Forward traffic logs to Panorama: We recommend that traffic logs from PanOS firewalls be sent to Panorama devices that are connected to TOS Aurora. However, TOS Aurora can also receive logs from PanOS firewall devices directly.
- Enable accountability: Enabling accountability ensures that firewall changes made by SecureChange and manual firewall changes made using Panorama are seen by SecureTrack.
For more information, see the Palo Alto Networks technical documentation site:
-
For PanOS 9: Configure Log Forwarding and Device > Server Profiles > Syslog
-
For PanOS 10: Configure Log Forwarding and Device > Server Profiles > Syslog
Forward Traffic Logs to Panorama
These steps will explain how to send the firewall traffic logs to a Panorama device (for Panorama version 9.x), and then configure the Panorama to forward the logs to SecureTrack.
-
Log into the Panorama device.
-
Modify a log forwarding profile to enable the log forwarding for the Panorama device.
-
In the Objects tab, navigate to Log Forwarding.
-
Click on the link of the log forwarding profile.
-
Click on a log forwarding profile match list link.
-
Select Panorama/Logging Service.
-
In the Syslog area, select an existing syslog profile or click Add to create a syslog profile.
-
Click OK and OK.
-
Add SecureTrack to the syslog server profile to ensure that the Panorama forwards the logs to SecureTrack.
-
In the Devices tab, navigate to Syslog (under Server Profiles).
-
Click on the link of the syslog server profile to which you want to add SecureTrack.
-
Click the Add button, and enter the details of the SecureTrack server.
-
Name: The name of the SecureTrack server.
-
Syslog Server: The IP address of the syslog server.
-
Facility: LOG_LOCAL7 facility .
-
The Syslog Server Profile dialog box is displayed.
-
- Click OK.
The Log Forwarding Profile dialog box is displayed.
The Log Forwarding Profile Match List dialog box is displayed.
Enable Accountability
- In the Panorama tab, navigate to Server Profiles > Syslog.
-
Add a new syslog server profile.
-
From the bottom of the screen, select +Add.
The Syslog Server Profile dialog box appears.
-
Enter a name for your syslog server profile.
-
+Add at least one syslog server. The syslog server must direct to the appropriate TOS Aurora destination described in Sending Additional Information via Syslog.
-
-
In the Panorama tab, navigate to Log Settings.
-
In the Configuration table, click the Add button to configure a new log.
-
In the Forward Method table:
-
Select Syslog
-
Click the Add button, and select the Syslog Server Profile you added in Step 2.
-
-
Click OK.
The Log Settings - Configuration dialog box is displayed.
Was this helpful?
Thank you!
We’d love your feedback
We really appreciate your feedback
Send this page to a colleague