© Palo Alto Networks, Inc.
Panorama 7.0 Administrator’s Guide • 135
Manage Log Collection
Configure Log Forwarding from Panorama to External Destinations
Step 4 (M‐Series appliance only) Configure the destinations for firewall logs that an M‐Series appliance in Panorama or Log Collector mode collects.
Each Collector Group can forward logs to different destinations. If the Log Collectors are local to a high availability (HA) pair of M‐Series appliances in Panorama mode, you must log into each HA peer to configure log forwarding for its Collector Group.
1. Select Panorama > Collector Groups and select the Collector Group that receives the firewall logs.
2. Select the Collector Log Forwarding tab.
3. For each log Severity level in the System, Threat, and Correlation tabs, click a cell in the SNMP Trap, Email Profile, or Syslog Profile column, and select the server profile you just created.
4. In the Config, HIP Match, and Traffic tabs, select the SNMP Trap, Email, or Syslog server profile you just created.
5. For each Verdict in the WildFire tab, click a cell in the SNMP Trap, Email Profile, or Syslog Profile column, and select the server profile you just created.
6. Click OK to save your changes to the Collector Group.
Step 5 (SNMP trap forwarding only) Enable your SNMP manager to interpret traps.
Load the Supported MIBs for Palo Alto Networks devices and, if necessary, compile them. For the specific steps, refer to the documentation of your SNMP manager.
Step 6 (Syslog forwarding only) If the syslog server requires client authentication, and the firewalls forward logs to M‐Series appliances in Log Collector mode, assign a certificate that secures syslog communication over SSL.
Perform the following steps for each M‐Series appliance in Log Collector mode:
1. Select Panorama > Managed Collectors and select the Log Collector.
2. In the General tab, select the Certificate for Secure Syslog, and click OK.
Step 7 Commit your configuration changes.
1. Click Commit, for the Commit Type select Panorama, and click Commit again.
2. Click Commit, for the Commit Type select Device Group, select all the device groups of the firewalls from which Panorama collects logs, select the Include Device and Network Templates check box, and click Commit again.
3. (M‐Series appliance only) Click Commit, for the Commit Type select Collector Group, select the Collector Group you just configured to forward logs, and click Commit again.
Step 8 (Optional) Verify the external services are receiving logs from Panorama.
• Email server—Verify that the specified recipients are receiving logs as email notifications.
• Syslog server—Refer to the documentation for your syslog server to verify it is receiving logs as syslog messages.
• SNMP manager—Use an SNMP Manager to Explore MIBs and Objects to verify it is receiving logs as SNMP traps.
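
One way to carry out the Step 8 syslog check is to confirm that every log type enabled in Step 4 has actually arrived, so a tab that was left without a profile shows up as a gap. This is an added example, not part of the Palo Alto Networks guide. It assumes the default comma-separated syslog format, with the log type in the fourth field and the subtype in the fifth; the type strings, the function names, and the sample lines are assumptions constructed for illustration.

```python
import csv

# Step 4 tabs keyed by the type value assumed in the default CSV syslog
# format (type = 4th field, subtype = 5th). A custom format breaks this.
TYPE_TO_TAB = {
    "SYSTEM": "System",
    "THREAT": "Threat",
    "CORRELATION": "Correlation",
    "CONFIG": "Config",
    "HIPMATCH": "HIP Match",
    "TRAFFIC": "Traffic",
}
ALL_TABS = set(TYPE_TO_TAB.values()) | {"WildFire"}

def tab_for_line(line):
    """Map one received syslog line to a Step 4 tab, or None if unparseable."""
    first_comma = line.find(",")
    if first_comma == -1:
        return None
    # The CSV payload begins at the token that precedes the first comma.
    start = line.rfind(" ", 0, first_comma) + 1
    fields = next(csv.reader([line[start:]]), [])
    if len(fields) < 5:
        return None
    log_type, subtype = fields[3].upper(), fields[4].lower()
    # Assumption: WildFire verdict logs arrive as THREAT with subtype wildfire.
    if log_type == "THREAT" and subtype == "wildfire":
        return "WildFire"
    return TYPE_TO_TAB.get(log_type)

def missing_tabs(lines, expected=ALL_TABS):
    """Return the configured log types for which no message was received."""
    return set(expected) - {tab_for_line(line) for line in lines}

# Constructed sample capture (hostname, serial number and fields are made up).
SAMPLE = [
    "<14>Apr  8 10:00:01 lc1 1,2015/04/08 10:00:01,000000000000,TRAFFIC,end,1",
    "<12>Apr  8 10:00:02 lc1 1,2015/04/08 10:00:02,000000000000,THREAT,vulnerability,1",
    "<12>Apr  8 10:00:03 lc1 1,2015/04/08 10:00:03,000000000000,THREAT,wildfire,1",
    "<14>Apr  8 10:00:04 lc1 1,2015/04/08 10:00:04,000000000000,SYSTEM,general,0",
    "<14>Apr  8 10:00:05 lc1 1,2015/04/08 10:00:05,000000000000,CONFIG,0,0",
    "not a firewall log line",
]

if __name__ == "__main__":
    print("No messages seen for:", sorted(missing_tabs(SAMPLE)))
```

Pass `missing_tabs` the lines from the syslog server's receive file for a window long enough that each enabled log type should have fired at least once, and narrow `expected` to the tabs you assigned a Syslog Profile.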