Palo Alto Panorama offers easy-to-implement and centralized management features to gain insight into network-wide traffic and threats, and administer your firewalls everywhere.
Panorama enables you to forward logs to external servers, including syslog, email, and SNMP trap servers. By forwarding logs to Blumira’s platform, you can reduce firewall load and provide a reliable approach to log forwarding.
With this configuration, Blumira will be able to provide log aggregation, threat detection, and actionable response for network segments protected by Palo Alto Panorama.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Obtain the IP address of your Blumira sensor to use when configuring the external service.
To gather the IP address of the sensor:
- In Blumira, navigate to Settings > Sensors.
- Click the sensor row to open the details page.
- Under Overview, in the Host Details box, copy the IP value.
Configuring log forwarding from Palo Alto Networks Panorama
To start sending logs to Blumira:
- Create a server profile:
- Navigate to Panorama > Server Profiles.
- Select Syslog.
- Configure the server profile, including:
- the IP address of the Blumira sensor you will use to collect log data
- port number 514
- Configure destinations:
- Select Panorama > Log Settings.
- For System, Correlation, and Threat logs, click each Severity level, select the Syslog server profile you just created for Blumira, and click OK.
- For WildFire logs, click each Verdict, select Syslog server profile for Blumira you just created, and click OK.
- Configure destinations for firewall logs that an M-Series appliance in Panorama or Log Collector mode collects (M-Series appliance only):
- Select Panorama > Collector Groups and select the Collector Group that receives the firewall logs.
- Click the Collector Log Forwarding tab.
- For each log Severity level in the System, Threat, and Correlation tabs, click a cell in the Syslog Profile column, and select the server profile you just created.
- In the Config, HIP Match, and Traffic tabs, select the Syslog server profile you just created.
- For each Verdict in the WildFire tab, click a cell in the Syslog Profile column, and select the server profile you just created.
- Click OK to save your changes to the Collector Group.
- Click Commit, set the Commit Type to Panorama, and click Commit again.
- Click Commit, set the Commit Type to Device Group.
- Select all the device groups of the firewalls from which Panorama collects logs. Include Device and Network Templates and click Commit again.
- Click Commit, set the Commit Type to Collector Group.
- Select the Collector Group you just configured to forward logs, and click Commit again. (M-Series appliance only)