: Panorama System and Configuration Logs
Focus
Focus

Panorama System and Configuration Logs

Table of Contents

Panorama System and Configuration Logs

You can configure Panorama to send notifications when a system event or configuration change occurs. By default, Panorama records every configuration change in the Config logs. In the System logs, each event has a severity level to indicate its urgency and impact. When you Configure Log Forwarding from Panorama to External Destinations, you can forward all System and Config logs or filter the logs based on attributes such as the receive time or severity level (System logs only). The following table summarizes the severity levels for System logs.
Panorama regularly connects to the IoT Edge Service to download policy recommendations for IoT based policies. This connection is attempted by Panorama regardless of whether the IoT license is active on any managed firewalls..
A high severity gRPC connection failure system log is generated in the event of connection failure or if Panorama manages no IoT licensed firewall. No action is needed regarding these system logs if you are not leveraging the policy recommendation capabilities of IoT or if you are not managing any IoT licensed firewalls.
If you are leveraging the policy recommendation capabilities of IoT, review the gRPC connection failure system log to understand what is causing the connection issue between Panorama and the IoT Edge Service.
Panorama does not support querying configuration logs in the ACC or when monitoring configuration logs (MonitorLogs) using the filters:
before-change-preview-contains
after-change-preview-contains
Severity
Description
Critical
Indicates a failure and the need for immediate attention, such as a hardware failure, including high availability (HA) failover and link failures.
High
Serious issues that will impair the operation of the system, including disconnection of a Log Collector or a commit failure.
Medium
Mid-level notifications, such as Antivirus package upgrades, or a Collector Group configuration push.
Low
Minor severity notifications, such as user password changes.
Informational
Notification events such as log in or log out, any configuration change, authentication success and failure notifications, commit success, and all other events that the other severity levels don’t cover.
Panorama stores the System and Config logs locally; the exact location and storage capacity varies by Panorama model (see Log and Report Storage). Upon reaching the capacity limit, Panorama deletes the oldest logs to create space for new logs. If you need to store the logs for longer periods than what the local storage allows, you can Configure Log Forwarding from Panorama to External Destinations.
For information on using Panorama to monitor firewall logs, see Monitor Network Activity.