Specific threat log types (packet, scan, and flood) are not being forwarded to Panorama
Symptom
The firewall is configured to forward all logs to Panorama, but specific threat log types (packet, scan, and flood) are not being forwarded and have no 'Log Action' entry when viewed from the firewall's 'Monitor/Threat Logs' tab.
Environment
- Any Panorama.
- Palo Alto Firewalls.
- PAN-OS 8.1 and above.
- Firewalls configured to Send Logs to Panorama.
Cause
Certain types of threat logs such as packet, scan, and flood are triggered by Zone Protection profiles and are therefore considered Zone logs, which are not subject to Log Forwarding actions configured for security policies.
See the Difference between Log Forwarding for a Zone and Security Policy Log Forwarding for further information.
Resolution
- Configure a Log Forwarding profile (GUI: Objects > Log Forwarding) and include the threat logs in the profile.
- Assign the profile to the zone (GUI: Network > Zones > (name)): under "Log Setting", select the name of the Log Forwarding profile you configured.
- Click OK
- Commit the changes.
Important:
If you are configuring the Zone in a Panorama template, the Log Setting drop-down lists only shared Log Forwarding profiles; to specify a non-shared profile, you must "type" its name.
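To find zones affected by this gap before it hides packet, scan, and flood events from Panorama, the following added example (not Palo Alto Networks code) audits an exported configuration for zones that have a Zone Protection profile but no Log Setting. The XML layout (`zone/entry` with `network/zone-protection-profile` and `network/log-setting` children), the zone names, and the profile names are assumptions built into a constructed sample; adjust the paths to match your own export.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real export. Assumed layout: each zone is
# zone/entry[@name] with optional network/zone-protection-profile and
# network/log-setting children.
SAMPLE_CONFIG = """\
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
  <zone>
    <entry name="untrust">
      <network>
        <layer3><member>ethernet1/1</member></layer3>
        <zone-protection-profile>zpp-edge</zone-protection-profile>
      </network>
    </entry>
    <entry name="dmz">
      <network>
        <layer3><member>ethernet1/2</member></layer3>
        <zone-protection-profile>zpp-edge</zone-protection-profile>
        <log-setting>fwd-to-panorama</log-setting>
      </network>
    </entry>
    <entry name="trust">
      <network><layer3><member>ethernet1/3</member></layer3></network>
    </entry>
  </zone>
</entry></vsys></entry></devices></config>
"""

def audit_zones(config_xml):
    """Return one dict per zone with its profile, log setting and verdict."""
    root = ET.fromstring(config_xml)
    results = []
    for zone in root.iterfind(".//zone/entry"):
        zpp = (zone.findtext("network/zone-protection-profile") or "").strip()
        log_setting = (zone.findtext("network/log-setting") or "").strip()
        if zpp and not log_setting:
            # Zone Protection generates zone logs, but nothing forwards them.
            verdict = "zone-logs-not-forwarded"
        elif zpp:
            verdict = "ok"
        else:
            verdict = "no-zone-protection"
        results.append({"zone": zone.get("name"), "zone_protection": zpp,
                        "log_setting": log_setting, "verdict": verdict})
    return results

def zones_missing_log_setting(config_xml):
    """Names of zones whose Zone Protection logs have no forwarding profile."""
    return [r["zone"] for r in audit_zones(config_xml)
            if r["verdict"] == "zone-logs-not-forwarded"]
```

Calling `zones_missing_log_setting()` on the text of an exported configuration returns the zones that still need the Log Setting described in the resolution steps.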