Educause Security Discussion mailing list archives

Re: [EXTERNAL] [SECURITY] Palo Alto Panorama Logging


From: "Klein Keane, Justin" <Klein_KeaneJ () MLHS ORG>
Date: Fri, 28 Apr 2017 13:14:11 +0000

Hello,

We’ve had great luck just sending Palo logs off via syslog to an external host and doing analysis in Splunk or a free ELK server, or even just OSSEC.  Panorama can be really slow and unresponsive and is essentially a passive tool.

Cheers,

Justin C. Klein Keane, MA MCIT CEPT C|EH
Security Architect
Enterprise Architecture and Security
Main Line Health Information Technology
https://www.mainlinehealth.org/
klein_keanej () mlhs org
484-596-2203

From: Brandon Dixon <bdixon2 () MURRAYSTATE EDU>
Sent: Thursday, April 27, 2017 5:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [EXTERNAL] [SECURITY] Palo Alto Panorama Logging

We have been running Palo Alto's Panorama central management & logging
platform for a little over a year now.  We have a couple of 10Gb
firewalls and a 1Gb firewall that it manages and collects logs from.
We've had issues since we set it up that we've been working with TAC to
try and resolve and have not been able to.  But even despite those, I
find the log search to be pretty weak and cumbersome when it comes to
trying to track down a specific log file.

My question is, for those who run Panorama, are you using anything
alongside Panorama to collect/analyze/search the logs from it?  If so,
do you bother giving Panorama a large amount of storage?

--
Brandon Dixon
Network Engineer
Information Systems
Murray State University
Phone: (270) 809-3694
Fax:   (270) 809-3465



MSU Information Systems staff will never ask for your password or other confidential information via email.

