I have panoram installed and configured. I have my PA FW that is now sending traffic logs and system logs, and threat logs to the Panorama.
1. How can I configure PA FW to send URL logs to the Panorama ?? as I do not see any url logs in the panoram from the PA FW ?
2. Panoram is now reading the current logs, how can I export the existing 1 month old logs from PA FW to panorama ?
Solved! Go to Solution.
Check your profile and make sure you are sending "Informational" and "Low" level events. I believe the URL filtering alerst are considered informational. Also make sure your URL catagories are configured for ALERT or BLOCK. ANything configured for allow will not be logged.
Thanks for this one, but my question was that when I had Panorama installed, already 40% logs were in the PA Firwall.
From the date I have configured the profile in PA for Panorama, all logs are being sent to the Panorama.
But the first 40% of logs that are in Palo Alto Firewall are still there in the same firewall.
How do I get the first 40% of these logs into the Panorama ??
If you set up the firewall first and ran it for a a few weeks and then later installed Panorama then there is no way to export the old logs to Panorama. The best you can do is build a filter on the traffic monitor and then export to CSV but you will have to sift through this manually. You can submit this as a feature request if it is important to you.
How do I get the URL entries from the device to Panorama.
I know we have to set for 'informational or low', but its not working ! ((See attached log1)
I also tried creating a new rule and allowed only URL Alert, but still not working. (See Rule Alert)
In your screenshot you are showing the system log forwarding configuration screen.
You want to set up the log forwarding for traffic, threat, etc. That is done on the Object tab -> log forwarding
There you will see options for forwarding the traffic and threat logs, similar to what you see on the system log forwarding screen that you attached to your last comment.
Has this changed, can we get logs from the firewall into Panorama? Say, after a Panorama crash or maybe the Panorama was turned off for a period of time and missed logs how do we sync the logs of the Panorama with the logs of the firewall?
As said earlier, if your Panorama is shut down for a specifc period of time (Disconnected from the devices), there is no way to export the old logs from the devices to to Panorama as of now. (Has to be a Feature Request) The only way is to manually export the logs from the Firewall via ftp,scp or CSV.
For traffic, threat, URL filtering logs , you need to have Log forwarding prifiles and applies to the poliices.
According to my understanding, over the releases of major Software versions, the GUI appearence might have changed but the way to set it up is still the same.
You can start up a case with PAN Support and they should be able to obtain this for you. However, the logs will only be as far back as the Device (i.e. firewall) has in it's database.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!