Log forwarding to Panorama

L1 Bithead

Log forwarding to Panorama

Hi,

 

I have some problems with log forwarding from firewall to Panorama because it is consuming a lot of bandwidth. I have configured the firewall to buffer the logs before foward them to Panorama. I would like to know the following:
* When log forwarding initiates from firewall to Panorama (50% or 90% of buffered size for example)?
* How I control the log forwarding to schedule it during off business hours?

 

Anyone can help me?

Thanks in advance.

 

Community Manager

Re: Log forwarding to Panorama

hi @aespinosa

 

Log buffering is only intended for overcoming connectivity issues with panorama: if the firewall is in a location where connectivity to panorama can be spotty ?(due to ISP peering, remote location, bandwidth,...) enabling the buffer ensures no logs get lost when the connection to panorama is lost: the firewall temporarily writes to disk while connectivity is restored and then resumes from the last log in it's buffer

 

this works in 30 second increments

https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/manage-log-collection...

 

you can try enabling log-suppression to reduce repetitive logs, bit to truly reduce bandwidth usage, you will need to dial down which logs are forwarded 


Help the community: Like helpful comments and mark solutions
Reaper out
L7 Applicator

Re: Log forwarding to Panorama

@aespinosa

If there is somewhere another firewall between the one mentionned in your post and your panorama, there might be another (ugly/bad/not recommended) solution. Depending on the actual amount of logs you could then only allow the connection between the firewall and panorama off business hours. As mentionned this only works if there is enough disk space to store the logs of the day. And this "solution" also means that you cannot manage the firewall from panorama during the day. And you will also loose the logs of one day completely if the firewall dies. So as I said its ugly to do it like that but this the logs are only forwarded outside business hours...

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!