https://live.paloaltonetworks.com/t5/general-topics/log-forwarding/m-p/503794#M105460 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/198708">@CraigAddison</a></P><P>&nbsp;</P><P>for Traffic, Threat, URL, Data Filtering, WildFire,...logs you have to enable Log Forwarding profile under each security policy. This type of log gets generated depending on log type when for example security policy is getting hit, threat signature is getting hit, there is a URL category match. As long as you have: "Log at Session End" enabled and a Log Forwarding profile in place with Panorama set as destination, logs will be sent to Panorama's log collector. Here is corresponding KB:&nbsp;<A href="https://knowledgebase.paloaltonetworks.com/kcSArticleDetail?id=kA10g000000ClGL" target="_blank">https://knowledgebase.paloaltonetworks.com/kcSArticleDetail?id=kA10g000000ClGL</A></P><P>&nbsp;</P><P>For System, Configuration, User-ID... logs, you can configure it from Device &gt; Log Settings. This log will get forwarded to Panorama's log collector as it gets generated on Firewall. Since this log type is not traffic dependent even passive Firewall will generated some system logs.</P><P>&nbsp;</P><P>If you do not see logs in Panorama, I would recommend to go through this KB:&nbsp;<A href="https://knowledgebase.paloaltonetworks.com/kCSArticleDetail?id=kA10g000000ClXA" target="_blank">https://knowledgebase.paloaltonetworks.com/kCSArticleDetail?id=kA10g000000ClXA</A></P><P>&nbsp;</P><P>I would check below points:</P><P>- Make sure that Firewall is assigned to log collector and this change has been committed and pushed to log collector.</P><P>- Make sure that on Firewall side from CLI: "show log-collector preference-list" you will see log collectors IP addresses. I had a case before that this was not applied until I restarted management process.</P><P>- Make sure you will see the log received in Panorama from CLI:&nbsp;show logging-status device &lt;serial number&gt;.</P><P>- Make sure that Firewall and Panorama are using the same time/time zone.</P><P>- Make sure there are no restrictions/blocked ports between Firewall and log collector.</P><P>&nbsp;</P><P>Kind Regards</P><P>Pavel</P> Wed, 15 Jun 2022 13:00:01 GMT PavelK 2022-06-15T13:00:01Z https://live.paloaltonetworks.com/t5/general-topics/log-forwarding/m-p/503767#M105458 <P>I have setup Syslog forwarding from multiple firewalls to a log collector, but I cannot see any Syslog traffic in the logs. Does this traffic get logged by the firewall/Panorama, or is it allowed through without needing a firewall policy?</P> Wed, 15 Jun 2022 11:23:38 GMT https://live.paloaltonetworks.com/t5/general-topics/log-forwarding/m-p/503767#M105458 CraigAddison 2022-06-15T11:23:38Z https://live.paloaltonetworks.com/t5/general-topics/log-forwarding/m-p/503794#M105460 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/198708">@CraigAddison</a></P><P>&nbsp;</P><P>for Traffic, Threat, URL, Data Filtering, WildFire,...logs you have to enable Log Forwarding profile under each security policy. This type of log gets generated depending on log type when for example security policy is getting hit, threat signature is getting hit, there is a URL category match. As long as you have: "Log at Session End" enabled and a Log Forwarding profile in place with Panorama set as destination, logs will be sent to Panorama's log collector. Here is corresponding KB:&nbsp;<A href="https://knowledgebase.paloaltonetworks.com/kcSArticleDetail?id=kA10g000000ClGL" target="_blank">https://knowledgebase.paloaltonetworks.com/kcSArticleDetail?id=kA10g000000ClGL</A></P><P>&nbsp;</P><P>For System, Configuration, User-ID... logs, you can configure it from Device &gt; Log Settings. This log will get forwarded to Panorama's log collector as it gets generated on Firewall. Since this log type is not traffic dependent even passive Firewall will generated some system logs.</P><P>&nbsp;</P><P>If you do not see logs in Panorama, I would recommend to go through this KB:&nbsp;<A href="https://knowledgebase.paloaltonetworks.com/kCSArticleDetail?id=kA10g000000ClXA" target="_blank">https://knowledgebase.paloaltonetworks.com/kCSArticleDetail?id=kA10g000000ClXA</A></P><P>&nbsp;</P><P>I would check below points:</P><P>- Make sure that Firewall is assigned to log collector and this change has been committed and pushed to log collector.</P><P>- Make sure that on Firewall side from CLI: "show log-collector preference-list" you will see log collectors IP addresses. I had a case before that this was not applied until I restarted management process.</P><P>- Make sure you will see the log received in Panorama from CLI:&nbsp;show logging-status device &lt;serial number&gt;.</P><P>- Make sure that Firewall and Panorama are using the same time/time zone.</P><P>- Make sure there are no restrictions/blocked ports between Firewall and log collector.</P><P>&nbsp;</P><P>Kind Regards</P><P>Pavel</P> Wed, 15 Jun 2022 13:00:01 GMT https://live.paloaltonetworks.com/t5/general-topics/log-forwarding/m-p/503794#M105460 PavelK 2022-06-15T13:00:01Z