Can't Syslog off of Panorama?

L3 Networker

My PA-4020s are busy, to say the least. They do send traffic, threat and URL Filtering logs to Panorama. I want to be able to create a Log Forwarding profile on Panorama to send these logs off to a Syslog Server. Under Server Profiles Syslog, I create a new syslog server entry. I save it and commit the changes. When I go to Objects, Log Forwarding to create the object to syslog the traffic, the server I just created does not show up in the drop-down list.

Am I doing something wrong? Is it a bug?

Thanks,

Justin

Accepted Solutions
Community Team Member

Re: Can't Syslog off of Panorama?

I think I can help.

The way that it works is like this: the Firewalls can use Syslog to send system logs and firewall logs to a syslog server.

Panorama can receive FW logs from the Firewalls. But once the logs are on Panorama, that is it. There is no option to forward to syslog as the logs were not "Generated" on Panorama, just ended up there. 

This is currently by design.

Sorry we cannot get this to work how you want it to right now.

Stay Secure,
Joe
End of line



All Replies
L7 Applicator

Re: Can't Syslog off of Panorama?

jdelio:

I believe that was the case back in the pre-6.0 days.  However, with PAN-OS 6.0, Palo Alto Networks has introduced the ability for Panorama to support log forwarding.  From the "new features" document:

All Palo Alto Networks next-generation firewalls can generate logs that provide an audit trail of the activities and events on the firewall. To centrally monitor the logs and to generate reports, you must forward the logs generated on the managed firewalls to Panorama. With this release, you can configure Panorama to aggregate the logs and forward it to a remote logging destination such as a syslog server.

In addition to logs, emails and SNMP traps can also be aggregated and forwarded from Panorama to a remote destination. Forwarding logs from Panorama reduces the load on the firewalls and provides a reliable and streamlined approach to combine and forward syslogs/SNMP traps/email notifications to remote destinations.

Community Team Member

Re: Can't Syslog off of Panorama?

Thanks for updating this. Just add this to all of the great new features. I stand corrected. =)

Stay Secure,
Joe
End of line

L3 Networker

Re: Can't Syslog off of Panorama?

Thanks for the replies. I finally got to connect with my support engineer and what jdelio is stating is correct. Panorama cannot syslog data received from managing another firewall. I am running Panorama 6.0.2 but firewall code 5.0.8. I ended up just adding another syslog destination on the firewall itself. So the firewall should be syslogging to 2 boxes. So far it doesn't seem to be working. I don't know if the firewall batches syslog traffic or does it in a constant stream or what.

L2 Linker

Re: Can't Syslog off of Panorama?

Hello jhickey,

are you sure? Panorama should be able to forward logs to external devices (e.g. syslog).

From Panorama Guide 6.0 p95:

Panorama allows you to forward aggregated logs, email notifications, and SNMP traps to external servers. Forwarding logs from Panorama reduces the load on the firewalls and provides a reliable and streamlined approach to combine and forward syslogs/SNMP traps/email notifications to remote destinations.

To forward device logs that are being collected on the Log Collector Group:

Panorama > Collector Groups > Collector Log Forwarding tab

Select the subtab for each log type: System, Config, Traffic, Threat, HIP Match and WildFire
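
A check for the receiving end of the forwarding discussed in this thread, added here as an example (not code from any poster or from Palo Alto Networks): it tallies received syslog lines per firewall serial number and reports which of the traffic, threat and URL Filtering logs named in the question have not arrived. It assumes an RFC 3164 header followed by the default PAN-OS comma-separated layout (serial number in the third field, log type in the fourth, subtype in the fifth, URL Filtering carried as THREAT with subtype url); the function names and sample lines are constructed.

```python
import csv
import re
from collections import defaultdict

# RFC 3164 style header: <PRI>Mmm dd hh:mm:ss host payload
HEADER = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} (\S+) (.*)$")
EXPECTED = {"traffic", "threat", "url"}  # the log types named in the question

def parse(line):
    """Return (sender, serial, category), or None for a non-matching line."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    fields = next(csv.reader([m.group(2)]), [])
    if len(fields) < 5:
        return None
    # Assumed layout: fields[2]=serial, fields[3]=type, fields[4]=subtype.
    serial, log_type, subtype = fields[2], fields[3].upper(), fields[4].lower()
    # Assumption: URL Filtering entries arrive as THREAT logs with subtype "url".
    is_url = log_type == "THREAT" and subtype == "url"
    return m.group(1), serial, "url" if is_url else log_type.lower()

def coverage(lines):
    """Map each firewall serial to its senders, per-category counts and gaps."""
    seen = defaultdict(lambda: {"senders": set(), "counts": defaultdict(int)})
    for line in lines:
        rec = parse(line)
        if rec:
            sender, serial, category = rec
            seen[serial]["senders"].add(sender)
            seen[serial]["counts"][category] += 1
    return {s: {"senders": sorted(v["senders"]), "counts": dict(v["counts"]),
                "missing": sorted(EXPECTED - set(v["counts"]))}
            for s, v in seen.items()}

# Constructed sample lines (hostnames, serials and addresses are made up).
SAMPLE = [
    "<14>Oct 30 09:46:12 fw-a 1,2014/10/30 09:46:12,001122334455,TRAFFIC,end,1,2014/10/30 09:46:11,10.0.0.5,192.0.2.10",
    "<14>Oct 30 09:46:13 fw-a 1,2014/10/30 09:46:13,001122334455,THREAT,url,1,2014/10/30 09:46:13,10.0.0.5,192.0.2.10",
    "<14>Oct 30 09:46:15 panorama 1,2014/10/30 09:46:14,009988776655,TRAFFIC,start,1,2014/10/30 09:46:14,10.0.1.7,198.51.100.4",
    "<14>Oct 30 09:46:16 panorama 1,2014/10/30 09:46:15,009988776655,THREAT,vulnerability,1,2014/10/30 09:46:15,10.0.1.7,198.51.100.4",
    "Oct 30 09:46:17 loghost sshd[812]: unrelated line without a PRI field",
]

if __name__ == "__main__":
    for serial, info in sorted(coverage(SAMPLE).items()):
        print(serial, info)
```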
