Discussion of the Week: Critical System Log Forwarding

Cyber Elite

In this Discussion of the Week, Reaper discusses critical system log forwarding while addressing a question posted in the general topic discussion forum on LIVEcommunity. Direct responses and a detailed answer include screenshots of the Log Forwarding web interface. Got questions? Get answers on LIVEcommunity!



Even though this question was asked many (MANY) years ago, the discussion post still sees activity every once in a while with people looking for the same functionality, so I thought I'd pitch in with a little show and tell.


If you are familiar with log forwarding, you will know that you can find the log forwarding profiles in Objects > Log Forwarding.


In the Log Type, however, there is no option to forward system logs.


log forwarding.png


This is because the log forwarding profile is only used for logs generated as the result of a session flowing through (or getting blocked by) the firewall's dataplane.


To forward system (management plane) logs, use the second log forwarding area of the web interface, the Device > Log Settings tab. There you can configure log forwarding for System logs, Configuration logs, User-ID logs, HIP Match logs, and even Correlation logs.


Log Settings.png


From here you can create individual log forwarding policies based on predefined severity filters, or customize your own filters using the filter builder.

filter builder.png


You can use the "View Filtered Logs" tab to preview the outcome of the filter to ensure the desired information is there.




You can also create several profiles so different information is sent to different destinations.


different profiles.png


Now you can create specific policies that forward all the information you need to the resources that need it (SIEM, Panorama, incident response platform, and more).
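
The same Device > Log Settings setup expressed as configure-mode CLI, as an added example that is not part of the original post. It assumes PAN-OS 8.0 or later syntax; the profile names, match-list names, server names and 192.0.2.x addresses are placeholders.

```text
# Lines starting with '#' are annotations for the reader, not CLI input.
# All names and addresses are placeholders (assumptions), not from the post.

# 1. One syslog server profile per destination.
#    UDP is shown for brevity; it is unencrypted and lossy, so prefer
#    transport SSL when the receiver supports it.
set shared log-settings syslog SIEM-Syslog server siem01 server 192.0.2.10 transport UDP port 514 format BSD facility LOG_USER
set shared log-settings syslog IR-Syslog server ir01 server 192.0.2.20 transport UDP port 514 format BSD facility LOG_USER

# 2. System logs: forward everything to the SIEM.
set shared log-settings system match-list system-all filter "All Logs"
set shared log-settings system match-list system-all send-syslog SIEM-Syslog

# 3. System logs: forward only critical severity to the incident response platform.
set shared log-settings system match-list system-critical filter "(severity eq critical)"
set shared log-settings system match-list system-critical send-syslog IR-Syslog

# 4. Configuration logs: forward everything to the SIEM so changes are auditable.
set shared log-settings config match-list config-all filter "All Logs"
set shared log-settings config match-list config-all send-syslog SIEM-Syslog

commit
```

Each match-list entry corresponds to one row in the Log Settings tab, and the filter strings are the same text the filter builder shows, so "View Filtered Logs" can still be used to check them before committing.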


As always, feel free to comment below.

Reaper out
