This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Log forwarding profile for Correlated Events?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Log forwarding profile for Correlated Events?

mbrownnyc
L1 Bithead

‎01-05-2017 06:28 AM

Hello all,

 

It appears that we have had at least a single correlated event in the past seven days, but did not recieve any alert related (via any configured log forwarding profile).

 

It appears the each match that was correlated did perform a log action, but the actual correlated event did not.

 

How do I attach a log forwarding action for Correlated Events?

 

 

Thanks,

 

Matt

1 person had this problem.
0 Likes Likes
4 REPLIES 4

jt1025
L2 Linker

‎07-13-2017 01:10 PM

Did you get anywhere with this?  We're experiencing the same thing.  Thanks.

0 Likes Likes

mbrownnyc
L1 Bithead
In response to jt1025

‎07-13-2017 01:19 PM - edited ‎07-13-2017 01:20 PM

I got you, fam.

 

 

Created By: Solomon Victor (1/10/2017 3:17 PM)
Hello,

Hope you are doing well.

You may forward the logs for the correlated events by following the below article

Navigate to "Device > Log Setting > Correlation"

Perform the following steps for each log type. For System and Correlation logs, start by clicking the Severity level. For Config and HIP Match logs, start by clicking the Edit icon.

a) Select the Panorama check box if you want to aggregate firewall logs on Panorama. You can then configure Panorama to forward the logs to the external services.

Note: You cannot forward Correlation logs from firewalls to Panorama. Panorama generates Correlation logs based on the firewall logs it receives.

b) Select the SNMP Trap, Email, or Syslog server profile you configured for this log type and click OK.

Configure Log Forwarding: https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/monitoring/configure-log-forwarding

Device Log Settings: https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/device/device-log-settings

Regards,
Solomon Victor | Technical Support Engineer
Shift Time : 9:00 AM – 5:00 PM PST
Email : svictor@paloaltonetworks.com
Support Contact: US: (866) 898-9087, Outside the US: +1-408-738-7799
Palo Alto Networks | 4401 Great America Parkway, Santa Clara, CA 95054, USA

 

Would have loved to be in that meeting with the engineers and the UI guys for this one while they tried to figure out where to put this setting.

0 Likes Likes

lteeters1
L1 Bithead
In response to mbrownnyc

‎05-21-2020 04:26 AM

Panorama > Log Settings > Correlation

 

Use the Log Settings page to forward the correlation logs to external services.

PCNSE
0 Likes Likes

TomYoung
Cyber Elite
Cyber Elite

‎11-19-2023 03:18 AM

I have a VM Panorama, and I don't have a Panorama > Log Settings > Correlation option.

Help the community: Like helpful comments and mark solutions.
0 Likes Likes
  • 5495 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks