Can't Syslog off of Panorama?

L3 Networker

My PA-4020s are busy, to say the least. They do send traffic, threat and URL Filtering logs to Panorama. I want to be able to create a Log Forwarding profile on Panorama to send these logs off to a Syslog Server. Under Server Profiles Syslog, I create a new syslog server entry. I save it and commit the changes. When I go to Objects, Log Forwarding to create the object to syslog the traffic, the server I just created does not show up in the drop-down list.

Am I doing something wrong? Is it a bug?

Thanks,

Justin

L7 Applicator

I think I can help.

The way that it works is like this: the Firewalls can use Syslog to send system logs and firewall logs to a syslog server.

Panorama can receive FW logs from the Firewalls. But once the logs are on Panorama, that is it. There is no option to forward to syslog as the logs were not "Generated" on Panorama, just ended up there. 

This is currently by design.

Sorry we cannot get this to work how you want it to right now.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

jdelio:

I believe that was the case back in the pre-6.0 days.  However, with PAN-OS 6.0, Palo Alto Networks has introduced the ability for Panorama to support log forwarding.  From the "new features" document:

All Palo Alto Networks next-generation firewalls can generate logs that provide an audit trail of the activities and events on the firewall. To centrally monitor the logs and to generate reports, you must forward the logs generated on the managed firewalls to Panorama. With this release, you can configure Panorama to aggregate the logs and forward it to a remote logging destination such as a syslog server.

In addition to logs, emails and SNMP traps can also be aggregated and forwarded from Panorama to a remote destination. Forwarding logs from Panorama reduces the load on the firewalls and provides a reliable and streamlined approach to combine and forward syslogs/SNMP traps/email notifications to remote destinations.

Thanks for updating this. Just add this to all of the great new features. I stand corrected. 😃

LIVEcommunity team member
Stay Secure,
Joe

Thanks for the replies. I finally got to connect with my support engineer and what jdelio is stating is correct. Panorama cannot syslog data received from managing another firewall. I am running Panorama 6.0.2 but firewall code 5.0.8. I ended up just adding another syslog destination on the firewall itself. So the firewall should be syslogging to 2 boxes. So far it doesn't seem to be working. I don't know if the firewall batches syslog traffic or does it in a constant stream or what.

Hello jhickey,

are you sure? Panorama should be able to forward logs to external devices (e.g. syslog).

From Panorama Guide 6.0 p95:

Panorama allows you to forward aggregated logs, email notifications, and SNMP traps to external servers. Forwarding logs from Panorama reduces the load on the firewalls and provides a reliable and streamlined approach to combine and forward syslogs/SNMP traps/email notifications to remote destinations.

To forward device logs that are being collected on the Log Collector Group:

Panorama > Collector Groups > Collector Log Forwarding tab

Select the subtab for each log type: System, Config, Traffic, Threat, HIP Match and WildFire
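A way to check on the syslog server which log types are actually arriving for each firewall once forwarding is enabled (an added example, not part of the original thread and not Palo Alto Networks code). It assumes an RFC 3164 style header followed by the default PAN-OS comma-separated layout, with the serial number and log type as the third and fourth fields; the sample lines, hostnames and serial numbers are constructed.

```python
import csv
import re
from collections import defaultdict

# Log types from the Collector Log Forwarding subtabs, written as they are
# assumed to appear in the "Type" field of the default PAN-OS syslog format.
# WildFire is left out: it is assumed to arrive as a THREAT subtype.
EXPECTED_TYPES = {"SYSTEM", "CONFIG", "TRAFFIC", "THREAT", "HIPMATCH"}

# Assumed RFC 3164 style prefix: <PRI>Mmm dd hh:mm:ss hostname
HEADER = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} \S+ ")

# Constructed sample input (not captured from a real device).
SAMPLE = [
    "<14>Jun  3 10:15:01 fw-a 1,2014/06/03 10:15:01,000000000001,TRAFFIC,end,1,10.0.0.5,192.0.2.10",
    "<12>Jun  3 10:15:02 fw-a 1,2014/06/03 10:15:02,000000000001,THREAT,url,1,10.0.0.5,192.0.2.20",
    "<14>Jun  3 10:15:03 fw-b 1,2014/06/03 10:15:03,000000000002,SYSTEM,general,0,commit done",
    "not a syslog line",
]

def tally(lines):
    """Return {serial: {log_type: count}} for every line that parses."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in lines:
        match = HEADER.match(line)
        if not match:
            continue  # skip anything without the expected header
        # csv handles quoted fields that themselves contain commas
        fields = next(csv.reader([line[match.end():]]), [])
        if len(fields) < 4:
            continue  # too short to carry serial number and type
        seen[fields[2]][fields[3]] += 1
    return seen

def missing_types(lines, expected=EXPECTED_TYPES):
    """Return {serial: [expected log types never seen from that device]}."""
    return {serial: sorted(expected - set(types))
            for serial, types in tally(lines).items()}

if __name__ == "__main__":
    for serial, missing in missing_types(SAMPLE).items():
        print(serial, "missing:", ", ".join(missing) or "none")
```

A device that never appears in the result has sent nothing parseable at all, which is the case to rule out first when a new syslog destination seems silent.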
