This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Cant Syslog off of Panorama ?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Cant Syslog off of Panorama ?

Go to solution
jhickey
L3 Networker

‎04-25-2014 09:53 AM

My PA-4020's are busy to say the least. They do send traffic, threat and URL Filtering logs to Panorama. I want to be able to create a Log Forwarding profile on Panorama to send these logs off to a Syslog Server. Under Server Profiles Syslog, I create a new syslog server entry. I save it and commit the changes. When I go to Objects, Log Forwarding to create the object to syslog the traffic, the server I just created in does not show up in the drop down list.

Am I doing something wrong ? Is it a bug ?

Thanks,

Justin

Labels:
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
jdelio
L7 Applicator

‎04-25-2014 12:26 PM

I think I can help.

The way that it works is like this.. the Firewalls can use Syslog to send system logs and firewall logs to a syslog server.

Panorama can receive FW logs from the Firewalls. But once the logs are on Panorama, that is it. There is no option to forward to syslog as the logs were not "Generated" on Panorama, just ended up there. 

This is currently by design.

Sorry we cannot get this to work how you want it to right now.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

View solution in original post

0 Likes Likes
5 REPLIES 5

Go to solution
jdelio
L7 Applicator

‎04-25-2014 12:26 PM

I think I can help.

The way that it works is like this.. the Firewalls can use Syslog to send system logs and firewall logs to a syslog server.

Panorama can receive FW logs from the Firewalls. But once the logs are on Panorama, that is it. There is no option to forward to syslog as the logs were not "Generated" on Panorama, just ended up there. 

This is currently by design.

Sorry we cannot get this to work how you want it to right now.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!
0 Likes Likes

Go to solution
jvalentine
L7 Applicator
In response to jdelio

‎04-25-2014 12:46 PM

jdelio:

I believe that was the case back in the pre-6.0 days.  However, with PAN-OS 6.0, Palo Alto Networks has introduced the ability for Panorama to support log forwarding.  From the "new features" document:

All Palo Alto Networks next-generation firewalls can generate logs that provide an audit trail of the activities

and events on the firewall. To centrally monitor the logs and to generate reports, you must forward the logs

generated on the managed firewalls to Panorama.With this release, you can configure Panorama to aggregate

the logs and forward it to a remote logging destination such as a syslog server.

In addition to logs, emails and SNMP traps can also be aggregated and forwarded from Panorama to a remote

destination. Forwarding logs from Panorama reduces the load on the firewalls and provides a reliable and

streamlined approach to combine and forward syslogs/SNMP traps/email notifications to remote destinations.

Go to solution
jdelio
L7 Applicator
In response to jvalentine

‎04-25-2014 12:56 PM

Thanks for updating this..   Just add this to all of the great new features.  I stand corrected. 😃

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

Go to solution
jhickey
L3 Networker
In response to jdelio

‎04-28-2014 06:54 AM

Thanks for the replies. I finally got to connect with my support engineer and what jdelio is stating is correct. Panorama cannot syslog data received from managing another firewall. I am running Panorama 6.0.2 but firewall code 5.0.8. I ended up just adding another syslog destination on the firewall itself. So the firewall should be syslogging to 2 boxes. So far it doesnt seem to be working. I dont know if the firewall batches syslog traffic or does it in a constant stream or what.

0 Likes Likes

Go to solution
Rham
L2 Linker
In response to jhickey

‎04-28-2014 07:04 AM

Hello jhickey,

are you sure? Panorama should be able to forward logs to external devices (e.g. syslog).

From Panorama Guide 6.0 p95:

Panorama allows you to forward aggregated logs, email notifications, and SNMP traps to external servers.

Forwarding logs from Panorama reduces the load on the firewalls and provides a reliable and streamlined

approach to combine and forward syslogs/SNMP traps/email notifications to remote destinations.

To forward device logs that are being collected on the Log Collector Group:

Panorama > Collector Groups > Collector Log Forwarding tab

Select the subtab for each log

type: System, Config, Traffic,

Threat, HIP Match and WildFire

0 Likes Likes
  • 1 accepted solution
  • 5002 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks