07-10-2013 07:41 AM
Our PAN firewalls send their logs to a central syslog server; in case there is a gap in the connectivity (e.g. satellite link down), what happens to the corresponding log entries?
Shall the remote firewall store them till the connection is available again and then send them to the central server?
Thanks and Regards
07-10-2013 08:53 AM
At this time PANOS only appears to support Syslog over UDP, so your messages are lost if there is not a path to your syslog server.
07-10-2013 09:15 AM
Thanks, Shaun, indeed that was our guess...
07-10-2013 09:50 AM
The device (firewall-related) logs will still be stored under the system logs locally on the firewall. But if you are sending all the traffic, threat, URL and data filtering logs to a syslog server and there is a connectivity issue to the syslog server, you can still leverage the "scheduled log export" feature, as mentioned in the following document: https://live.paloaltonetworks.com/docs/DOC-3824#comment-3469, by exporting the logs onto an FTP server.
The other method would be to back up the logs to Panorama, if the PANFW is being managed by it.
07-11-2013 01:05 AM
As I understand it, Panorama is supposed to use a "delivery guaranteed" method of transferring logs between the firewall and the Panorama (and if it fails, it should be logged which block of logs is missing).
That is, in order to get the logs reliably from your firewall to your syslog server, something like this should work:
PA-firewall -> unreliable link (satellite link or whatever) -> Panorama -> reliable link (like in the same or nearby rack) -> Syslog-server
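For the link-outage case discussed in this thread, the following added example (not code from any poster or from Palo Alto Networks) finds the per-firewall silence windows in what the central syslog server actually received, so those windows can be backfilled from a scheduled log export or from Panorama. The line layout (ISO 8601 timestamp, hostname, message), the hostnames and the 30-minute threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of lines as stored by the central syslog server.
# Assumed layout: "<ISO-8601 timestamp> <hostname> <message>"; hostnames are made up.
SAMPLE = """\
2013-07-10T07:00:05+00:00 fw-remote1 TRAFFIC allow
2013-07-10T07:00:40+00:00 fw-remote1 TRAFFIC allow
2013-07-10T07:01:10+00:00 fw-hq TRAFFIC allow
2013-07-10T07:01:15+00:00 fw-remote1 THREAT alert
2013-07-10T07:20:00+00:00 fw-hq TRAFFIC deny
2013-07-10T07:42:20+00:00 fw-remote1 TRAFFIC allow
2013-07-10T07:41:50+00:00 fw-remote1 TRAFFIC allow
not a syslog line
2013-07-10T07:43:00+00:00 fw-hq TRAFFIC allow
"""


def find_gaps(lines, max_silence=timedelta(minutes=30)):
    """Return (host, last_seen, next_seen) for every silence longer than max_silence."""
    seen = defaultdict(list)
    for line in lines:
        parts = line.split(maxsplit=2)
        if len(parts) < 2:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines without a parseable timestamp
        seen[parts[1]].append(ts)

    gaps = []
    for host, stamps in sorted(seen.items()):
        stamps.sort()  # UDP delivery can reorder messages, so order by timestamp
        for prev, cur in zip(stamps, stamps[1:]):
            if cur - prev > max_silence:
                gaps.append((host, prev, cur))
    return gaps


if __name__ == "__main__":
    for host, start, end in find_gaps(SAMPLE.splitlines()):
        print(f"{host}: nothing received between {start.isoformat()} and {end.isoformat()}")
```

A silence window only shows that nothing arrived; a quiet firewall and a dropped link look the same here, so confirm against the firewall's local logs before backfilling.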