The firewall’s logging and monitoring tools reveal applications, users, and traffic patterns on your network, including applications and users you may not have known were there. Logging and monitoring provides useful information at all stages of the transition to and maintenance of a data center best practice security policy because it also reveals unknown users (not identified by User-ID), unknown applications, and traffic on unexpected ports, all of which indicate that a Security policy rule has not be correctly or tightly constructed. Logging and monitoring information help you determine which applications to allow and which users to allow access to which applications and devices, and also helps you investigate potential security issues.

When you assess your data center, you capture baseline measurements. Periodically compare those baseline measurements with current measurements to evaluate progress, identify changes, and find areas for improvement as you implement your data center best practice Security policy.

Configure log forwarding from firewalls to Panorama or to external services such as an SNMP Trap server or a syslog server to centralize the logs from multiple firewalls for more convenient viewing and analysis (a firewall can only display local logs and reports, not logs and reports from other firewalls). When you configure log forwarding, configure sending notifications to verify that the log destinations you configure are receiving the firewall logs.

Best practices for data center logging and monitoring include: