
Log Forwarding for the Cloud Logging Service

by Community Manager on 01-24-2019 06:53 AM - last edited on 02-07-2019 11:40 AM

Read step-by-step instructions on how to forward logs from the Cloud Logging Service to an email server. If you have questions, Live Community has answers.

If you're using the cloud-based Logging Service to collect all your device and endpoint logs, you may have already looked into log forwarding. If not, this feature is included in Logging Service, so no additional licences are required to benefit from sending your logs to other receivers like SIEM solutions, the SOC for incident response, or possibly internal auditing tools.

We've now added email notifications as a new means of log forwarding. Here's how to enable it:

 

Head over to https://apps.paloaltonetworks.com/apps.

Assuming you already configured Log Forwarding, select the instance you want to update. (If you have not set up Log Forwarding yet, see "Add a Log Forwarding App Instance" to do so.)

 

Screenshot of Cloud Service Application Logging Service Log Forwarding

 

Select Email, then click Add.

 

Screenshot of create email profile

 

Provide a descriptive name, set the To and (if needed) BCC fields, and enter a legible Email Subject. Then click Add to select which logs need to be forwarded.

 

Screenshot of configure email profile

 

You'll be able to select the Log Vendor (e.g., Firewalls, Traps) and which Log Type to forward.

 

Screenshot of Log Vendor and Type

 

OPTIONAL: Select which Action, Severity, Type, and/or Category you want to receive. (If no Filters are applied, all logs for that vendor and type will be forwarded.)

 

Screenshot of Action Severity Type Threat Category

 

Or you can create a custom filter.

 

Screenshot of Custom Filter

 

Click Save, then Add any additional log types you want to receive notifications for. Finish by clicking Save in the Email Forwarding Profile.

 

Screenshot of Completed Email Forwarding Profile

 

A test email will be sent out from noreply@cs.paloaltonetworks.com, so make sure you are able to receive it.

Here are the admin guides and release notes:

Forward Logs from the Logging Service to an Email Server

Get Started with the Log Forwarding App

Log Forwarding App Release Notes

Stay frosty!

Reaper out
