Data Filtering logs not in Panorama
cancel
Showing results for 
Search instead for 
Did you mean: 

Data Filtering logs not in Panorama

L1 Bithead

Hi All, we are running 9.0.12. I've got data filtering with the patterns etc all set up. The logs appear fine on the firewall. And logging profile is set to forward all to Panorama, but none appear in Panorama. It's empty. Logging profiles is set to forward log type Data to Panorama.

Any help would be appreciated. Panorama is forwarding all events to our SIEM, where alarms are set. So we are missing out on Data Filtering alarms. 

Thank for help in advance

4 REPLIES 4

Cyber Elite
Cyber Elite

 

@igs1917 

 

Data Filtering logs are part of the Informational severity of the Threat log database. 

Please try below 

Turn on Informational Threat log forwarding and the firewall will forward Data Filtering events to Panorama.

 

  1. Using the Web UI go to Objects > Log Forwarding > Log Forwarding Profile > Threat Settings > Panorama. Check Informational, and click OK. .
  2. Commit your changes.
  3. Verify data filtering log events in Panorama.

 

Regards

 

MP

thank you MP.

 

I've seen that article. It's for PAN-OS 7.1 and below. 

 

there is no threat settings in out log forwarding profile

@igs1917 

 

Make sure you check the Panorama in log forwarding profile.

 

Regards

MP

checked for all log types (including "data"). I am really puzzled this time.

log forward.jpg

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!