In an environment where you use multiple firewalls
to control and analyze network traffic, any single firewall can
display logs and reports only for the traffic it monitors. Because
logging in to multiple firewalls can make monitoring a cumbersome
task, you can more efficiently achieve global visibility into network
activity by forwarding the logs from all firewalls to Panorama or
external services. If you use external services for monitoring,
the firewall automatically converts the logs to the necessary format:
syslog messages, SNMP traps, email notifications, or an HTTP
payload that sends the log details to an HTTP(S) server. In cases where
some teams in your organization can achieve greater efficiency by
monitoring only the logs that are relevant to their operations,
you can create forwarding filters based on any log attributes (such
as threat type or source user). For example, a security operations
analyst who investigates malware attacks might be interested only
in Threat logs with the type attribute set to wildfire-virus.
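
The attribute-based filtering described above, modelled at the receiving end as an added example (this is not Palo Alto Networks code or firewall filter syntax). It assumes the HTTP payload is JSON with the hypothetical keys `serial`, `type`, `subtype` and `srcuser`; the team names and sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed sample: payloads as three firewalls might POST them to one
# HTTP(S) collector. The JSON key names are assumptions made for this example.
SAMPLE_PAYLOADS = [
    '{"serial": "FW-A", "type": "THREAT", "subtype": "wildfire-virus", "srcuser": "alice"}',
    '{"serial": "FW-B", "type": "THREAT", "subtype": "vulnerability", "srcuser": "bob"}',
    '{"serial": "FW-B", "type": "TRAFFIC", "subtype": "end", "srcuser": "bob"}',
    '{"serial": "FW-C", "type": "THREAT", "subtype": "wildfire-virus", "srcuser": "bob"}',
    'truncated {"serial": "FW-A"',  # malformed payload, must not break routing
]

# Hypothetical per-team filters: every attribute must match (AND); any value
# in an attribute's set is accepted (OR).
TEAM_FILTERS = {
    "malware-analysts": {"type": {"threat"}, "subtype": {"wildfire-virus"}},
    "insider-risk": {"srcuser": {"bob"}},
}

def matches(record, flt):
    """True when the record satisfies every attribute constraint in flt."""
    return all(str(record.get(attr, "")).lower() in allowed
               for attr, allowed in flt.items())

def route(payloads, filters):
    """Return ({team: [records]}, rejected_count) for the given payloads."""
    routed = defaultdict(list)
    rejected = 0
    for raw in payloads:
        try:
            record = json.loads(raw)
        except json.JSONDecodeError:
            rejected += 1
            continue
        if not isinstance(record, dict):
            rejected += 1
            continue
        for team, flt in filters.items():
            if matches(record, flt):
                routed[team].append(record)
    return dict(routed), rejected

if __name__ == "__main__":
    by_team, bad = route(SAMPLE_PAYLOADS, TEAM_FILTERS)
    for team, records in by_team.items():
        print(team, [r["serial"] for r in records])
    print("rejected payloads:", bad)
```

Counting rejected payloads separately keeps a malformed or truncated message visible to whoever operates the collector instead of silently dropping it.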