Educause Security Discussion mailing list archives

Re: Palo Alto Panorama Logging


From: "Everett, Alex D" <alex.everett () UNC EDU>
Date: Fri, 28 Apr 2017 00:47:21 +0000

We primarily use syslog to Splunk for firewall logs.

Occasionally, we will use Panorama, but not often.


Sincerely,


Alex Everett

University of North Carolina at Chapel Hill

________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of JR Ramirez 
<jrramirez30 () GMAIL COM>
Sent: Thursday, April 27, 2017 7:49:59 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Palo Alto Panorama Logging

We do a combination of Splunk and sending logs to a MySQL server for quicker searches.

JR

On Apr 27, 2017, at 6:18 PM, Bradley, Stephen <bradlesw () MIAMIOH EDU> wrote:

We also send to ELK and certain things to a Splunk server. Panorama 8.X is up to 30x faster. New format.

Steve

On Apr 27, 2017 17:02, "Brandon Dixon" <bdixon2 () murraystate edu> wrote:
We have been running Palo Alto's Panorama central management & logging platform for a little over a year now.  We have 
a couple of 10Gb firewalls and a 1Gb firewall that it manages and collects logs from.  We've had issues since we set it 
up that we've been working with TAC to try and resolve and have not been able to.  But even despite those, I find the
log search to be pretty weak and cumbersome when it comes to trying to track down a specific log file.

My question is, for those who run Panorama, are you using anything alongside Panorama to collect/analyze/search the 
logs from it?  If so, do you bother giving Panorama a large amount of storage?

--
Brandon Dixon
Network Engineer
Information Systems
Murray State University
Phone: (270) 809-3694
Fax:   (270) 809-3465


MSU Information Systems staff will never ask for your password or other confidential information via email.
