Not Able To Forward Prisma Access Logs From Panorama To Local Syslog Server

Created On 02/27/21 00:50 AM - Last Modified 04/21/21 23:14 PM


Symptom


  • On Panorama, Prisma Access logs show up in the GUI under Monitor > Traffic.
  • The article "How to forward Firewall logs from Panorama to Syslog" was used to set up log forwarding from Panorama to the Syslog server.
  • A Traffic log filter was created in the Collector Group to match only Prisma Access logs.
  • The logs were verified to appear in the View Filtered Logs tab.
  • The configuration was committed, but no logs are being sent to the Syslog server.


Environment


  • Panorama connected to Cortex Data Lake
  • Prisma Access


Cause


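Cortex Data Lake does not forward logs to the Panorama Log Collector. Instead, Panorama queries the CDL database and presents the results under the Monitor tab, so the Collector Group never holds the Prisma Access logs and has nothing to forward to the Syslog server.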

Resolution


The only option for forwarding Prisma Access logs to a Syslog server is to forward them directly from Cortex Data Lake. Follow the steps in the documentation "Forward Logs from Cortex Data Lake to a Syslog Server" to configure this.
