Log Forwarding Profiles
Log forwarding profiles allow you to forward traffic and threat logs to Panorama or an external system. A log forwarding profile can be added to a security zone to forward zone protection logs or to a security policy to forward logs for traffic that matches that policy. You can also configure a default log forwarding profile—the settings in the default profile will be used as the default log forwarding settings for new security zones and new security policies. This allows you to consistently include your organization’s preferred log forwarding settings in new policies and zones automatically, without administrators having to manually add them each time.
The following sections show how to create a log forwarding profile and how to enable a profile to be used as the default log forwarding settings for new security policies or security zones:
Create a Log Forwarding Profile
Create a log forwarding profile that can be added to security policies and security zones, in order to forward traffic and threat logs to Panorama or an external system. Forwarded logs can be sent as SNMP traps, syslog messages, or email notifications.
Enable a Log Forwarding Profile
Add a log forwarding profile. Select Objects > Log Forwarding Profile and Add a new security profile group. Give the profile group a descriptive Name to help identify it when adding the profile to security policies or security zones. If the firewall is in Multiple Virtual System Mode, enable the profile to be Shared by all virtual systems. Add settings for the Traffic logs, Threat logs, and WildFire logs: Select the Panorama check box for the severity of the Traffic, Threat, or WildFire logs that you want to be forwarded to Panorama. Specify logs that you want to forward to additional destinations: SNMP Trap destinations, Email servers, or Syslog servers. Click OK to save the log forwarding profile.
Add the log forwarding profile to a security policy. Traffic that matches the security policy and your log forwarding profile will be forwarded to the destinations defined in your profile. For more details on security policies, see Security Policy. Select Policies > Security and Add or modify a security policy. Select Actions and the log forwarding profile you created in the Log Forwarding Profile drop-down. Threat log entries are generated according to the security profiles you have configured, in addition to the settings defined in the log forwarding profile. For more details on security profiles, see Security Profiles. Click OK to save the security policy.
Add the log forwarding profile to a security zone. For more details on setting up security zones, see Configure Interfaces and Zones. Select Network > Zones and Add or modify a security zone. Select the log forwarding profile from the Log Setting drop-down. Click OK to save the security zone.
Save your changes. Commit.
Set Up or Override a Default Log Forwarding Profile
Add a new log forwarding profile or modify an existing one to be used as the default log forwarding settings for new security policy rules or new security zones. When an administrator creates a new security policy or a new security zone, the default log forwarding profile will be automatically selected as the policy or zone’s log forwarding settings (the administrator can choose to manually select different log forwarding settings if desired). Use the following options to set up a default log forwarding profile or to override your default settings.
If no default security profile exists, the profile settings for a new security policy are set to None by default.
Set Up or Override a Default Log Forwarding Profile
Set up a default log forwarding profile. Select Objects > Log Forwarding and Add a new log forwarding profile or modify an existing profile. Name the security profile group default:
Click OK and Commit. Confirm that the default log forwarding profile is included in new security policies by default: Select Policies > Security and Add a new security policy. Select the Actions tab and ensure the Log Forwarding field shows the default profile selected:
Confirm the default log forwarding profile is included in new security zones by default: Select Network > Zones and Add a new security zone. Ensure the Log Setting field shows the default log forwarding profile selected:
Override a default log forwarding profile. If you have an existing default log forwarding profile, and you do not want the log forwarding settings defined in that profile to be applied to a new security policy or a new security zone, continue to modify the Log Setting field in the policy or zone according to your preference.

Related Documentation