granular filtering for panorama/logging service in log forwarding profile

cancel
Showing results for 
Search instead for 
Did you mean: 

granular filtering for panorama/logging service in log forwarding profile

L3 Networker

Currently we are managing all firewall from Panorama and configured log forwarding profile to forward logs to panorama/logging service. To enable log forwarding to logging service we have also enabled option to forward logs in cortex data lake in all firewall (device > setup>management > enabled duplicate logging ). On cortex data lake instance we have enabled logging only for URL logs.

have some below query and requirement :

Q1. As we have enabled log forwarding to panorama/logging service for all log types , all logs forwarding to panorama. What about cortex data lake ?. Firewall forwarding only url logs or all logs to cortex data lake ? If all logs forwarding to cortex data lake and we are storing only url logs then it will be unnecessary utilization of our internet bandwidth.

 

Q2. Can we forward only url filtering logs only to cortex data lake , same logs should not be forwarded to panorama.

 

Q3 . As we have enabled duplicate logging , additional cortex data lake instance is not helping us to improve log retention as its storing the same logs which on-premise panorama is storing. We need some alternative so that logs will be forwarded either to panorama or cortex data lake to manage logging disk.

 

Q4. in addition to my second query (Q3) , currently all four locations firewall is managed via panorama. out of this if we forward two firewall logs only to cortex data lake then we can achieve our requirement , want to know configurational changes and challenges.

I have reviewed cortex data lake admin guide , found below consideration :

- if we disabled duplicate logging option in firewall (device >setup > mgmt >cortex data lake) , any chance of loss of logs of old logs stored in panorama.

- can we onboard panorama managed firewall ? here log will forward to cortex data lake but firewall will be managed by panorama.

Because currently cortex data lake is bind with panorama and through panorama all firewalls were connected to cortex data lake.

 

 

0 REPLIES 0
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!