Log Forwarding for the Cloud Logging Service

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Cyber Elite
Cyber Elite

Read step-by-step instructions on how to get Log Forwarding for the Cloud Logging Service to an Email Server. If you have questions, LIVEcommunity has answers.

 

 

 

If you're using the cloud based Logging Service to collect all your device and endpoint logs, you may have already looked into log forwarding. If not, this feature is included in Logging Service, so there's no additional licenses required to benefit from sending your logs to other receivers like SIEM solutions, the SOC for incident response, or possibly internal auditing tools.

 

We've now added email notifications as a new means of log forwarding, here's how to enable it:

 

Head over to https://apps.paloaltonetworks.com/apps.

 

Assuming you already configured Log Forwarding, select the instance you want to update. (If you have not set up Log Forwarding just yet, check out  "Add a Log Forwarding App Instance" to do so.)

 

Cloud Service Application Logging Service Log Forwarding.png

 

Select Email > Click Add

 

create email profile.png

 

Provide a descriptive name, set the To, (if needed) BCC fields, and a legible Email Subject, and click Add to select which logs need to be forwarded.

 

configure email profile.png

 

You'll be able to select Log Vendor (e.g., Firewalls, traps, etc.) and which type of Log Type to forward.

 

Log Vendor and Type.png

 

OPTIONAL: Select which Action, Severity, Type, and/or Category you want to receive. (If no Filters are applied, all logs for that vendor and type will be forwarded.)

 

Action Severity Type Threat Category.png

 

Or you can create a custom filter.

 

Custom Filter.png

 

Click Save and Add any additional types you want to receive notifications for. Complete by clicking Save in the Email Forwarding Profile.

 

Completed Email Forwarding Profile.png

 

A test email will be sent out from noreply@cs.paloaltonetworks.com, so make sure you are able to receive it.

 

 

Here's the admin guides and release notes:

Forward Logs from the Logging Service to an Email Server

Get Started with the Log Forwarding App

Log Forwarding App Release Notes

 

 

Stay frosty!

Reaper out

  • 6183 Views
  • 0 comments
  • 2 Likes
Register or Sign-in
About the Author
I drink and I know things
Labels
Top Liked Authors