Log and Monitor Data Center Traffic
Use logging and monitoring tools to find out which applications are in use, how they behave, and who is really on your data center network so that you can refine Security policy and secure your network.
The firewall's logging and monitoring tools reveal the applications, users, and traffic patterns on your network, including applications and users you may not have known were there. Logging and monitoring provide useful information at every stage of the transition to, and maintenance of, a data center best practice Security policy because they also reveal unknown users (not identified by User-ID), unknown applications, and traffic on unexpected ports, all of which indicate that a Security policy rule has not been correctly or tightly constructed. Logging and monitoring information helps you determine which applications to allow and which users to allow access to which applications and devices, and also helps you investigate potential security issues.
When you assess your data center, you capture baseline measurements. Periodically compare those baseline measurements with current measurements to evaluate progress, identify changes, and find areas for improvement as you implement your data center best practice Security policy. If you use Panorama to manage firewalls, you can monitor firewall health to compare devices to their baseline performance and to each other to identify deviations from normal behavior.
Configure log forwarding from firewalls to Panorama or to external services such as an SNMP Trap server or a syslog server to centralize the logs from multiple firewalls for more convenient viewing and analysis (a firewall can display only its own local logs and reports, not those of other firewalls). When you configure log forwarding, also configure notifications so that you can verify that the log destinations you configure are actually receiving the firewall logs.
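The following Python script is an added example, not code from this page or from Palo Alto Networks. It covers two points made above: it triages forwarded traffic log records for the three Security policy gaps the text names (users not identified by User-ID, unknown applications, and applications on unexpected ports), and it checks that every managed firewall is still delivering logs to the central collector. The records are constructed in a simplified key=value layout for the example (not the PAN-OS CSV or syslog layout); the field names `serial`, `srcuser`, `app`, `dport` and `rule` follow PAN-OS traffic log field names, while the expected-port table, the 15-minute silence threshold and the serial numbers are assumptions made for this example.

```python
"""Triage constructed firewall traffic log records for Security policy gaps
and confirm that each expected firewall is still delivering logs."""
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Set

# Constructed sample records in a simplified key=value form (not the PAN-OS
# CSV or syslog layout). Field names follow PAN-OS traffic log fields; the
# values, serial numbers and rule names are made up for this example.
SAMPLE_LOGS = [
    "time=2024-05-01T10:00:00 serial=FW-A srcuser=corp\\alice app=ssl dport=443 rule=allow-web",
    "time=2024-05-01T10:00:05 serial=FW-A srcuser= app=unknown-tcp dport=8444 rule=allow-any",
    "time=2024-05-01T10:00:09 serial=FW-A srcuser=corp\\bob app=ssh dport=2222 rule=allow-admin",
    "time=2024-05-01T09:10:00 serial=FW-B srcuser=corp\\carol app=dns dport=53 rule=allow-dns",
]

# Ports on which each application is expected to run (assumption for the example).
EXPECTED_PORTS = {"ssl": {443}, "ssh": {22}, "dns": {53}, "web-browsing": {80}}

# App-ID names the firewall assigns when it cannot identify the application.
UNKNOWN_APPS = {"unknown-tcp", "unknown-udp"}


def parse_record(line: str) -> Dict[str, str]:
    """Split one constructed key=value record into a dict (empty value allowed)."""
    fields = {}
    for token in line.split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def find_policy_gaps(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one finding per record that points at a loosely built rule."""
    findings = []
    for line in lines:
        rec = parse_record(line)
        app = rec.get("app", "")
        port = int(rec.get("dport", "0"))
        reasons = []
        if not rec.get("srcuser"):
            reasons.append("unknown-user")        # not identified by User-ID
        if app in UNKNOWN_APPS:
            reasons.append("unknown-app")         # App-ID could not classify it
        elif app in EXPECTED_PORTS and port not in EXPECTED_PORTS[app]:
            reasons.append("unexpected-port")     # known app on a non-standard port
        if reasons:
            findings.append({
                "serial": rec.get("serial", ""),
                "rule": rec.get("rule", ""),
                "app": app,
                "dport": rec.get("dport", ""),
                "reasons": ",".join(reasons),
            })
    return findings


def silent_firewalls(lines: Iterable[str], expected_serials: Set[str],
                     now: datetime,
                     max_silence: timedelta = timedelta(minutes=15)) -> List[str]:
    """Serials of expected firewalls whose logs have stopped reaching the collector.

    A firewall that never appears in the collected logs is reported as well,
    which is the case a forwarding misconfiguration produces.
    """
    last_seen: Dict[str, datetime] = {}
    for line in lines:
        rec = parse_record(line)
        ts = datetime.fromisoformat(rec["time"])
        serial = rec["serial"]
        if serial not in last_seen or ts > last_seen[serial]:
            last_seen[serial] = ts
    return sorted(
        serial for serial in expected_serials
        if serial not in last_seen or now - last_seen[serial] > max_silence
    )


if __name__ == "__main__":
    for finding in find_policy_gaps(SAMPLE_LOGS):
        print("policy gap:", finding)
    collector_clock = datetime.fromisoformat("2024-05-01T10:00:10")
    print("silent firewalls:",
          silent_firewalls(SAMPLE_LOGS, {"FW-A", "FW-B", "FW-C"}, collector_clock))
```

Run against the constructed records, the script flags the `allow-any` rule (no User-ID mapping and an unknown application) and the `allow-admin` rule (SSH on port 2222), and reports FW-B as silent for almost an hour and FW-C as never having logged at all. In production the silence check is what the notification in the text exists for: a firewall that drops out of the collector's view is a forwarding problem to investigate, not a quiet network.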
Best practices for data center logging and monitoring include: