I have some problems with log forwarding from firewall to Panorama because it is consuming a lot of bandwidth. I have configured the firewall to buffer the logs before foward them to Panorama. I would like to know the following:
* When log forwarding initiates from firewall to Panorama (50% or 90% of buffered size for example)?
* How I control the log forwarding to schedule it during off business hours?
Anyone can help me?
Thanks in advance.
Log buffering is only intended for overcoming connectivity issues with panorama: if the firewall is in a location where connectivity to panorama can be spotty ?(due to ISP peering, remote location, bandwidth,...) enabling the buffer ensures no logs get lost when the connection to panorama is lost: the firewall temporarily writes to disk while connectivity is restored and then resumes from the last log in it's buffer
this works in 30 second increments
you can try enabling log-suppression to reduce repetitive logs, bit to truly reduce bandwidth usage, you will need to dial down which logs are forwarded
If there is somewhere another firewall between the one mentionned in your post and your panorama, there might be another (ugly/bad/not recommended) solution. Depending on the actual amount of logs you could then only allow the connection between the firewall and panorama off business hours. As mentionned this only works if there is enough disk space to store the logs of the day. And this "solution" also means that you cannot manage the firewall from panorama during the day. And you will also loose the logs of one day completely if the firewall dies. So as I said its ugly to do it like that but this the logs are only forwarded outside business hours...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!