In an environment where you use multiple firewalls
to control and analyze network traffic, any single firewall can
display logs and reports only for the traffic it monitors. Because
logging in to multiple firewalls can make monitoring a cumbersome
task, you can more efficiently achieve global visibility into network
activity by forwarding the logs from all firewalls to Panorama or
external services. If you
Use External Services for Monitoring,
the firewall automatically converts the logs to the necessary format:
syslog messages, SNMP traps, email notifications, or an HTTP
payload that sends the log details to an HTTP(S) server. In cases where
some teams in your organization can achieve greater efficiency by
monitoring only the logs that are relevant to their operations,
you can create forwarding filters based on any log attributes (such
as threat type or source user). For example, a security operations
analyst who investigates malware attacks might be interested only
in Threat logs with the type attribute set to wildfire-virus.
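
A collector-side check that a forwarding filter such as the wildfire-virus example delivers only the intended records (an added example, not part of the original documentation). It assumes a comma-separated syslog payload with the log type at index 3 and the subtype at index 4; the sample records and the `audit_feed` helper are constructed for illustration.

```python
import csv
import io

# Assumed positions in the comma-separated syslog payload (verify against the
# log field list for your PAN-OS version): index 3 = log type, 4 = subtype.
TYPE_IDX, SUBTYPE_IDX = 3, 4

# Constructed sample payloads (syslog header already stripped, trailing fields
# simplified); these are not real firewall logs.
SAMPLE = '''\
1,2024/05/01 10:00:01,000000000001,THREAT,wildfire-virus,0,2024/05/01 10:00:01,10.0.0.5,203.0.113.9,"file, with comma.exe"
1,2024/05/01 10:00:02,000000000001,THREAT,vulnerability,0,2024/05/01 10:00:02,10.0.0.6,203.0.113.9,n/a
1,2024/05/01 10:00:03,000000000001,TRAFFIC,end,0,2024/05/01 10:00:03,10.0.0.7,198.51.100.4,n/a
1,2024/05/01 10:00:04,000000000001,THREAT
'''


def audit_feed(text, want_type="THREAT", want_subtype="wildfire-virus"):
    """Split received records into matching, unexpected, and malformed."""
    result = {"match": [], "unexpected": [], "malformed": []}
    # csv.reader keeps quoted fields that contain commas in one piece.
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue  # skip blank lines
        if len(row) <= SUBTYPE_IDX:
            # Truncated record: too short to classify, so flag it.
            result["malformed"].append(row)
        elif (row[TYPE_IDX], row[SUBTYPE_IDX]) == (want_type, want_subtype):
            result["match"].append(row)
        else:
            # Arrived at this destination but is outside the intended filter.
            result["unexpected"].append(row)
    return result


if __name__ == "__main__":
    report = audit_feed(SAMPLE)
    for bucket, rows in report.items():
        print(f"{bucket}: {len(rows)}")
    for row in report["unexpected"]:
        print("outside filter:", row[TYPE_IDX], row[SUBTYPE_IDX])
```

Records in the `unexpected` bucket indicate that the filter on the firewall is broader than intended or that another forwarding profile sends to the same destination.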

Log forwarding is supported only for supported log fields.
Forwarding logs that contain unsupported log fields or pseudo-fields
causes the firewall to crash.

You can use Secure Copy (SCP) commands from the CLI to
export the entire log database to an SCP server and import it to
another firewall. Because the log database is too large for an export
or import to be practical on the PA-7000 Series firewall, it does
not support these options. You can also use the web interface on
all platforms to View and Manage Reports,
but only on a per-log-type basis, not for the entire log database.