Hello - I have Firewalls configured with Log Forwarding to Panorama. The question is, do the traffic logs of the Firewall Gateway keeps the copy of the logs and send another copy to Panorama or does it have only one copy forwarded to Panorama
Can i configure to forward all the traffic logs of the Firewall to the Panorama and not to keep local copy in the Firewall?
Solved! Go to Solution.
I believe this can be done not setting a log action on a security policy, but enabling the log forwarding option. Typically i have local logs on the firewall as well as the copy send to panorama. I believe the checkbox for "log session start or end" controls the local logging while the fowarding option will do panorama or syslog.
no this is not possible
the logs are first generated and collected by the firewall process (the log is started at the beginning of the session and only completed at the end of the session) and then after the log is written locally, it will forward the logfile to panorama
(technically: logrcvr process is responsible for generating and writing logs locally, varrcvr process forwards log externally)
you can set your local log storage to be incredibly small so 'old' logs get overwritten very quickly, but this would also cause logs to get lost if you ever experience connectivity issues to panorama (as then the logs won't get forwarded and overwritten quickly thereafter)
only logs that are written locally first can be forwarded to panorama (so disabling logs and then enabling logforwarding as suggested by @mmelone would not create any logs)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!