Our PAN firewalls send their logs to a central syslog server; in case there is a gap in the connectivity (e.g. satellite link down), what happens to the corresponding log entries?
Shall the remote firewall store them till the connection is available again and then send them to the central server?
Thanks and Regards
At this time PAN-OS only appears to support Syslog over UDP, so your messages are lost if there is not a path to your syslog server.
The device (firewall-related) logs will still be stored under the system logs locally on the firewall. But if you are sending all the traffic, threat, URL and data filtering logs to a syslog server and there is a connectivity issue to the syslog server, you can still leverage the "scheduled log export" feature, as mentioned under the following document: https://live.paloaltonetworks.com/docs/DOC-3824#comment-3469, by exporting the logs onto an FTP server.
The other method would be to back up the logs to Panorama, if the PANFW is being managed by it.
As I understand it, Panorama is supposed to use a "delivery guaranteed" method of transferring logs between the firewall and the Panorama (and if it fails, it should be logged which block of logs is missing).
That is, in order to get the logs reliably from your firewall to your syslog server, something like this should work:
PA-firewall -> unreliable link (satellite link or whatever) -> Panorama -> reliable link (like in the same or nearby rack) -> Syslog-server
@mikand Correct, Panorama uses an internal acknowledgment mechanism over a TCP/SSL channel for log forwarding.
Panorama does not currently support forwarding any logs which it did not internally generate. Thus, logs from devices cannot be sent from Panorama to a syslog server.
Any ETA on when logs that have been forwarded to Panorama can then be forwarded further from Panorama to a syslog server or such?