<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic granular filtering for panorama/logging service in log forwarding profile in Panorama Discussions</title>
    <link>https://live.paloaltonetworks.com/t5/panorama-discussions/granular-filtering-for-panorama-logging-service-in-log/m-p/417085#M187</link>
    <description>&lt;P&gt;Currently we are managing all firewalls from Panorama and have configured a log forwarding profile to forward logs to Panorama/logging service. To enable log forwarding to the logging service, we have also enabled the option to forward logs to Cortex Data Lake on all firewalls (Device &amp;gt; Setup &amp;gt; Management &amp;gt; enabled duplicate logging). On the Cortex Data Lake instance we have enabled logging only for URL logs.&lt;/P&gt;&lt;P&gt;We have the following queries and requirements:&lt;/P&gt;&lt;P&gt;Q1. As we have enabled log forwarding to Panorama/logging service for all log types, all logs are forwarded to Panorama. What about Cortex Data Lake? Is the firewall forwarding only URL logs or all logs to Cortex Data Lake? If all logs are forwarded to Cortex Data Lake and we are storing only URL logs, then it will be unnecessary utilization of our internet bandwidth.&lt;/P&gt;&lt;P&gt;Q2. Can we forward only URL filtering logs only to Cortex Data Lake? The same logs should not be forwarded to Panorama.&lt;/P&gt;&lt;P&gt;Q3. As we have enabled duplicate logging, the additional Cortex Data Lake instance is not helping us improve log retention, as it's storing the same logs that the on-premise Panorama is storing. We need some alternative so that logs will be forwarded either to Panorama or to Cortex Data Lake, to manage logging disk.&lt;/P&gt;&lt;P&gt;Q4. In addition to my second query (Q3), currently the firewalls at all four locations are managed via Panorama.
Out of these, if we forward two firewalls' logs only to Cortex Data Lake, then we can achieve our requirement; we want to know the configuration changes and challenges.&lt;/P&gt;&lt;P&gt;I have reviewed the Cortex Data Lake admin guide and found the considerations below:&lt;/P&gt;&lt;P&gt;- If we disable the duplicate logging option on the firewall (Device &amp;gt; Setup &amp;gt; Mgmt &amp;gt; Cortex Data Lake), is there any chance of losing the old logs stored in Panorama?&lt;/P&gt;&lt;P&gt;- Can we onboard a Panorama-managed firewall? Here the logs will be forwarded to Cortex Data Lake but the firewall will be managed by Panorama.&lt;/P&gt;&lt;P&gt;Because currently Cortex Data Lake is bound to Panorama, and through Panorama all firewalls were connected to Cortex Data Lake.&lt;/P&gt;</description>
    <pubDate>Mon, 05 Jul 2021 04:48:51 GMT</pubDate>
    <dc:creator>Deepak25</dc:creator>
    <dc:date>2021-07-05T04:48:51Z</dc:date>
    <item>
      <title>granular filtering for panorama/logging service in log forwarding profile</title>
      <link>https://live.paloaltonetworks.com/t5/panorama-discussions/granular-filtering-for-panorama-logging-service-in-log/m-p/417085#M187</link>
      <description>&lt;P&gt;Currently we are managing all firewalls from Panorama and have configured a log forwarding profile to forward logs to Panorama/logging service. To enable log forwarding to the logging service, we have also enabled the option to forward logs to Cortex Data Lake on all firewalls (Device &amp;gt; Setup &amp;gt; Management &amp;gt; enabled duplicate logging). On the Cortex Data Lake instance we have enabled logging only for URL logs.&lt;/P&gt;&lt;P&gt;We have the following queries and requirements:&lt;/P&gt;&lt;P&gt;Q1. As we have enabled log forwarding to Panorama/logging service for all log types, all logs are forwarded to Panorama. What about Cortex Data Lake? Is the firewall forwarding only URL logs or all logs to Cortex Data Lake? If all logs are forwarded to Cortex Data Lake and we are storing only URL logs, then it will be unnecessary utilization of our internet bandwidth.&lt;/P&gt;&lt;P&gt;Q2. Can we forward only URL filtering logs only to Cortex Data Lake? The same logs should not be forwarded to Panorama.&lt;/P&gt;&lt;P&gt;Q3. As we have enabled duplicate logging, the additional Cortex Data Lake instance is not helping us improve log retention, as it's storing the same logs that the on-premise Panorama is storing. We need some alternative so that logs will be forwarded either to Panorama or to Cortex Data Lake, to manage logging disk.&lt;/P&gt;&lt;P&gt;Q4. In addition to my second query (Q3), currently the firewalls at all four locations are managed via Panorama.
Out of these, if we forward two firewalls' logs only to Cortex Data Lake, then we can achieve our requirement; we want to know the configuration changes and challenges.&lt;/P&gt;&lt;P&gt;I have reviewed the Cortex Data Lake admin guide and found the considerations below:&lt;/P&gt;&lt;P&gt;- If we disable the duplicate logging option on the firewall (Device &amp;gt; Setup &amp;gt; Mgmt &amp;gt; Cortex Data Lake), is there any chance of losing the old logs stored in Panorama?&lt;/P&gt;&lt;P&gt;- Can we onboard a Panorama-managed firewall? Here the logs will be forwarded to Cortex Data Lake but the firewall will be managed by Panorama.&lt;/P&gt;&lt;P&gt;Because currently Cortex Data Lake is bound to Panorama, and through Panorama all firewalls were connected to Cortex Data Lake.&lt;/P&gt;</description>
      <pubDate>Mon, 05 Jul 2021 04:48:51 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/panorama-discussions/granular-filtering-for-panorama-logging-service-in-log/m-p/417085#M187</guid>
      <dc:creator>Deepak25</dc:creator>
      <dc:date>2021-07-05T04:48:51Z</dc:date>
    </item>
  </channel>
</rss>

