This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
Make more sense using filtered log forwarding
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- Collaboration
- Blogs
- Make more sense using filtered log forwarding
kiwi
Community Team Member
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Email to a Friend
- Printer Friendly Page
- Report This Content
03-07-2017
06:17 AM
Log forwarding has been around on our firewalls since forever. However, the feature had its limitations.
Problem before PAN-OS 8.0:
- Customers want to forward particular logs to start a troubleshooting or incident response across variety of teams
- However, prior to PAN-OS 8.0 users are required to choose a collection of logs by severity and/or type rather than the set of logs they are interested in
- Existing log forwarding behavior results in a flood of unwanted logs that you still have to filter through manually
Solution in PAN-OS 8.0:
- This feature will expand the log filtering from the granularity of severity to the granularity of a user-defined filter for log forwarding purposes.
- Users can now forward selective logs based on a custom-defined filter for a given log type.
- Log forwarding profiles now have filters that are similar to the monitor tab.
- These updated log forwarding profiles will be attached to rules/zones in the same way as we use current log forwarding profiles.
Log forwarding profiles are re-designed to accommodate log filtering. Users can now create match lists in the log forwarding profile.
All the forwarding actions mentioned in the match list will be taken against that particular traffic log. A traffic log can match more than one match list, forwarding actions mentioned in all the matching lists will be taken. New match criteria can be added to the forwarding profile with “Add” option. Here in this example, two match lists are configured:
Log Forwarding Profile Match List allows for the creation of custom filters as shown here:
By default, the firewall forwards ALL logs of the selected Log Type. To forward a subset of the logs, select an existing filter from the drop-down or select 'Filter Builder' to add a new filter to select interesting logs to be forwarded. These filters are similar to the existing filters that we already have in the monitor tab:
Use the ‘View Filtered Logs’ tab to verify which logs exactly will be forwarded.
It can be challenging to create your own filter but you can work backwards and have the firewall create a filter for you. Without a configured filter you can goto the 'View Filtered Logs' view and you will have an unfiltered view. From here you can make any selection from the displayed logs and the firewall will create a filter for you in response to that. Notice how the firewall creates a filter for me when I make any selection in the 'View Filtered Logs' tab.
Click the 'Apply Filter' button to see exactly what will be forwarded :
Click OK and all that remains to be done is select your Forward method. Once you do that you can click the OK button and you can confirm if the Log Forwarding Profile looks fine and you can click the OK button once more.
With this your log forwarding profile is created.
Similarly you have the log settings feature on the device tab. Here you can configure system logs, config logs, UserID, Correlation and HIP match logs (User-ID and Correlation are new in PAN-OS 8.0). The same granularity was added in all of these logs:
As an example check out the 'Log Settings - Configuration' below, where I configured a forwarding option for the filter ( admin neq admin )
Notice in the example above that I've set my forwarding option to Panorama. If you are happy with this you can go ahead and click OK and commit the change.
With this new feature, a flood of unwanted logs will soon be a thing of the past!
As always, feel free to add comments to the comments section below or reach out to us in the Live Community Discussions Forum.
Cheers!
-Kim.
Labels:
1 Comment
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Labels
-
10.0
1 -
10.1
1 -
10.2
2 -
2 factor authentication
1 -
2020
1 -
2fa
1 -
3.0
1 -
30DaysCloud
7 -
5G
9 -
7000
2 -
7000 series
1 -
9.0
1 -
ACC
2 -
addressgroups
1 -
ADEM
1 -
admin roles
1 -
administration
7 -
Adobe Acrobat
1 -
AdTacking
1 -
Advanced URL Filtering
5 -
Agent
1 -
Agentless
1 -
agentless user id
1 -
AIOps
5 -
AIOps NGFW
3 -
ALERTS
1 -
Alibaba
1 -
Alibaba Cloud
3 -
AMA
6 -
Analytics
3 -
Announcement
1 -
Aperture
3 -
API
5 -
App-ID
14 -
App-Portal
1 -
application
1 -
Application Framework
4 -
Application Override
1 -
applications
2 -
apps
1 -
Ask Me Anything
3 -
Authentication
2 -
Authentication Sequence
1 -
AutoFocus
9 -
Automation
1 -
Autonomous
2 -
Autonomous DEM
3 -
Autonomous Digital Experience Management
2 -
AWS
19 -
Azure
9 -
Beacon
9 -
Best Practice
2 -
Best Practice Assessment
2 -
Best Practices
6 -
Books
1 -
BPA
6 -
BPAPlus
1 -
Bridgecrew
2 -
Canon
1 -
Case Creation
4 -
case management
1 -
Cases
1 -
categories
4 -
CDSS
5 -
certificate
1 -
Certificates
1 -
Certification
2 -
Certifications
3 -
Certifications & Exams
3 -
Checkov
1 -
ci cd
1 -
Cisco ACI
1 -
CLI
2 -
CLI Command
2 -
CLI Reference Guide
1 -
Cloud
45 -
Cloud Identity Engine
4 -
cloud managed prisma access
2 -
Cloud NGFW
3 -
Cloud NGFW for AWS
7 -
Cloud Security
7 -
cloud service
3 -
Cloud Services Portal
3 -
Cloud Workload Protection Platforms
1 -
CloudBlade
2 -
CloudBlades
4 -
cloudgenix
4 -
CloudSecured
1 -
CN-Series
18 -
CNAME Cloaking
1 -
Code Security module
1 -
Commit Process
1 -
Community
121 -
Community Experience Refresh
1 -
community feedback
1 -
Community Guidance
1 -
Community News
5 -
Compatibility
1 -
Compatibility View
1 -
Configuration
18 -
Configuration and Management
5 -
consulting
1 -
Container
1 -
Containers
1 -
Content-ID
1 -
Cortex
28 -
Cortex Data Lake
10 -
Cortex XDR
41 -
Cortex XDR 2.0 Features
2 -
Cortex XDR 2.2 Features
1 -
Cortex XDR 2.3
1 -
Cortex XDR 2.4 Features
1 -
Cortex XDR 2.5 Features
1 -
Cortex XDR 2.6 Features
1 -
Cortex XDR 2.7 Features
1 -
Cortex XDR 2.9 Features
1 -
Cortex XDR 3.0 Features
1 -
Cortex XDR 3.1
1 -
Cortex XDR 7.4 Features
1 -
Cortex XDR 7.5 Features
1 -
Cortex XDR Agent
3 -
Cortex XDR Agent 7.3 features
1 -
Cortex XDR Features
1 -
Cortex Xpanse
3 -
Cortex XSOAR
21 -
Cortex XSOAR Webinar
1 -
COVID-19
2 -
credits
1 -
csp
13 -
CSP outage
1 -
custom report
1 -
custom reports
1 -
Custom Signatures
1 -
Customer Experience
2 -
Customer Help
2 -
customer news
2 -
Customer Success
14 -
Customer Support Portal
5 -
Customer Support Resources
1 -
CVE-2021-1675
1 -
CVE-2022-22963
1 -
CVE-2022-22965
1 -
CWPP
1 -
CX Day
2 -
CXDay2020
1 -
cyber elite
14 -
Cyber Elite Program
17 -
cyberelite
12 -
cybersecurity
9 -
Cybersecurity Academy
1 -
Data Center
1 -
data lake
1 -
Data Loss Prevention
4 -
Data Loss Prevention 7000
1 -
data pattern
1 -
Data Security
1 -
dataplane
1 -
Debug
4 -
Decryption
5 -
Dependency
1 -
Deployment
1 -
Detection and Response
1 -
dev_ops
1 -
Developers
1 -
device management
1 -
DevSecOps
1 -
discussion
2 -
discussions
1 -
DLP
3 -
dns
8 -
DNS Security
11 -
dotw
8 -
Download
1 -
EDL
3 -
edu
1 -
EDU-114
1 -
Education
16 -
Education Services
8 -
Educational Services
4 -
ela
1 -
email notification
1 -
Email Notifications
1 -
Endpoint
6 -
Endpoint Security Manager (ESM)
2 -
Enterprise
1 -
Error Message
1 -
Event
2 -
Events
66 -
Exams
1 -
Expedition
3 -
Expert Program
1 -
faq
1 -
feature request
1 -
FeatureRequest
2 -
Features
4 -
File Blocking
1 -
Filtering
1 -
Firewall
92 -
Flow Logs
1 -
fuel
5 -
Fuel User Group
11 -
Fundamentals
1 -
gateway
1 -
gateway selection
1 -
gcp
5 -
Getting Started
1 -
Github
1 -
Global
1 -
GlobalProtect
44 -
GlobalProtect 5.0
3 -
GlobalProtect App
1 -
GlobalProtect Cloud Service
2 -
GlobalProtect HIP check
1 -
GlobalProtect-COVID19
24 -
GlobalProtect-Resources
19 -
google
1 -
Google Chrome extension
1 -
google cloud platform
3 -
GP
3 -
GPCS
1 -
Grateful
1 -
Grayware
2 -
Guidance and Guidelines
2 -
ha
1 -
Happy Holidays
1 -
Hardware
2 -
High Availability
1 -
HIP
1 -
HIP Check
1 -
How to
8 -
how-to
3 -
how_to
2 -
HTTP
1 -
hub
6 -
Hybrid Cloud
3 -
Hyper Scale
1 -
IAC
3 -
ICS
1 -
Identity
1 -
ignite
4 -
Ignite 2021
8 -
Ignite 2022
2 -
Ignite 21
1 -
Ignite conference
2 -
ignite2019
3 -
Ignite2020
8 -
Ignite21
5 -
IGNITEQ&A
1 -
initial configuration
1 -
Interactive Event
2 -
Interactive Events
1 -
IoMT
1 -
ION
1 -
IoT
15 -
IoT Security
23 -
IPSec
2 -
IPv6
1 -
Iron Skillet
1 -
IronSkillet
1 -
Kubernetes
4 -
LatinxHeritage
1 -
LatinxHeritageMonth
4 -
Learning
3 -
Learning Center
1 -
license
1 -
License Keys
1 -
licenses
2 -
licensing
1 -
live community
3 -
Live Community Help
4 -
livecommunity
10 -
log forwarding
4 -
log retention period
1 -
Log Settings
1 -
Log4Shell
1 -
Logging
6 -
logging service
3 -
logging_services
1 -
login
1 -
LogJam
1 -
Logs
1 -
Mac OS X
1 -
machine learning
6 -
MacOS
2 -
Magnifier
1 -
Malware
4 -
Management
29 -
Management & Administration
1 -
Mapping
3 -
member spotlight
9 -
MFA
3 -
micro-credentialing
1 -
microsoft 365
1 -
Migration
1 -
Migration Tool
2 -
minemeld
1 -
ML-Powered NGFW
4 -
Mobile Workforce
1 -
Monthly Release
1 -
MSP
2 -
multi factor authentication
1 -
Multi-Category URL Filtering
2 -
multi-factor authentication
1 -
Nebula
2 -
Network
1 -
Network Perimeter
1 -
network security
20 -
Network Security Management
1 -
Networking
1 -
New Features
6 -
News
2 -
Next-Generation Firewall
9 -
Next-Generation Firewall. NGFW
3 -
Next-Generation Firewalls
1 -
NGFW
42 -
notifications
1 -
NPI
1 -
NSX
2 -
NSX-T
2 -
nutanix
1 -
OCI
3 -
office 365
1 -
Okta
1 -
Okyo
3 -
Okyo Garde
4 -
on demand
1 -
Oracle Cloud
2 -
Oracle Cloud Infrastructure
4 -
PA Firewall
1 -
PA-220R
1 -
PA-7000 Series Firewall
1 -
Palo Alto Networks
1 -
Pan-OS
59 -
PAN-OS 10.0
4 -
PAN-OS 10.1
4 -
PAN-OS 10.2
2 -
PAN-OS 9.0
8 -
PAN-OS 9.1
2 -
Panorama
30 -
panorama_csr
1 -
PANOS-9.0
2 -
Parked
1 -
PCCET
2 -
PCCSA
3 -
PCNSA
4 -
PCNSE
9 -
PDF summary report
1 -
Phishing
1 -
plugin
2 -
policies
1 -
Policy
2 -
Postman
1 -
Pre-Logon
1 -
PrintNightmare
1 -
Prisma
27 -
Prisma "cloud code security" (CCS) module
1 -
Prisma Access
42 -
Prisma Access 2.0
1 -
prisma access app
1 -
Prisma Access Cloud Management
3 -
prisma access insights
2 -
Prisma Access MSP
4 -
Prisma Cloud
18 -
Prisma Cloud Compute Edition
1 -
Prisma Coud
1 -
Prisma SaaS
5 -
Prisma SASE
5 -
Prisma SD-WAN
12 -
PrismaAccess
2 -
PrismaAccess-COVID19
11 -
prismaaccessinsights
2 -
Privacy Data Sheets
1 -
Private Cloud
4 -
Professional Services
2 -
Proxy Avoidance
2 -
Public Cloud
2 -
Query Builder
1 -
Questionable
1 -
Quickplay Solutions
2 -
Release Notes
3 -
Release-Notes
3 -
Remediation
1 -
Remote Code Execution
1 -
Remote location
1 -
Remote Networks
3 -
report group
1 -
reporting and logging
2 -
Reports
2 -
Resources
3 -
RQL
1 -
RSA
1 -
Rule
1 -
SaaS
4 -
Saas Security
4 -
SAML
2 -
SASE
10 -
SCADA
1 -
scanning
1 -
SD-WAN
12 -
Second Watch
1 -
Secure Input
1 -
secureinput
1 -
Security
9 -
Security Advisory
1 -
Security Policy
5 -
security profile
1 -
Security Profiles
2 -
security Service
2 -
Services
1 -
session
1 -
Setup & Administration
1 -
Shift-Left
2 -
SIEM
1 -
Skillets
2 -
Smart NIC
1 -
smb
1 -
SNMP Monitoring
1 -
Social Media
1 -
Software
1 -
SolarStorm
1 -
SolarWinds
1 -
Spark User Summit Event
1 -
Split Tunneling
1 -
Spring Framework
1 -
SpringShell
1 -
SSL
1 -
SSL Decryption
5 -
SSL Forward Proxy
1 -
strata
5 -
Strata Firewall
2 -
Subscriptions
1 -
SUNBURST
1 -
Supply Chain Security
1 -
Support
23 -
Support Guidance
1 -
support portal
1 -
Symphony
1 -
Technologies
3 -
Terraform
3 -
Thankful 2020
1 -
Thanksgiving
1 -
Threat
30 -
Threat Detection
1 -
Threat Intelligence Management
1 -
threat log
1 -
Threat Management
4 -
threat prevention
7 -
Threat Prevention License
1 -
threat protection
1 -
Threat Vulnerability Advisory
1 -
Threats
1 -
Tips & Tricks
6 -
tls
1 -
TMS
4 -
Tools
3 -
Training
1 -
Traps
8 -
Traps Agent
8 -
Traps Management Service
4 -
Troubleshooting
8 -
Tutorial
10 -
unit 42
18 -
unit42
5 -
upgrade
3 -
url categories
1 -
URL Filtering
10 -
URL Filtering (PAN-DB)
2 -
User-ID
8 -
User-ID & Authentication
1 -
User-ID mapping
2 -
userid
1 -
users
1 -
Veteran Training
3 -
Veterans Day
1 -
Video
8 -
Videos
4 -
VIP
1 -
Virtualization
7 -
VM
1 -
VM-Series
50 -
VM-Series on AWS
4 -
VM-Series on Azure
2 -
VMware
1 -
VPN
2 -
Vulnerability
12 -
Vulnerability Protection
2 -
webcast
1 -
Webinar
6 -
Wildcard DNS Abuse
1 -
Wildfire
14 -
Wildfire API
1 -
Women's Equality Day
1 -
XDR
1 -
Xpanse
1 -
XSOAR
3 -
Year in Review
1 -
YouTube
3 -
Zero Trust
10 -
Zero Trust Network
2 -
Zero Trust Network Security
9 -
ztna
1 -
ZTP
1
- Previous
- Next
Top Liked Posts
| Subject | Likes |
|---|---|
| 5 Likes | |
| 3 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like |
Top Liked Authors
| User | Likes Count |
|---|---|
| 9 | |
| 5 | |
| 4 | |
| 2 | |
| 2 |
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks