What methods are available for sending events from a distributed palo alto deployment which have been aggregated in panorama...to a syslog server or SIEM product? I know how to send events directly from a firewall but would hate for all my remote locations to have to send the logs twice, once to panorama and a second time to the SIEM. In panorama it appears as though the logging configurations relate only to system events within the panorama platform as opposed to forwarding of the logs contained within panorama. At the moment I dont have any siem in mind specifically, I am just working with a linux syslog server but am also interested in siem integration for the future.
... View more
