With regard to filters, this is the same approach as in PAN-OS, where you can define filter requirements for sending specific flows to the remote collector. In my first case, ATL_SERVER has a filter type defined.
Now for the bad: the LogServer is a centralized device, so from a logging standpoint the logs are generated at the NGFW engines and carried back to the log server.
The log server then regenerates the logs to be dumped as NetFlow or syslog, for example. This can cause some concern if you have numerous NGFW engines dispatched globally and the LogServer is not local to the NGFW engine,
since if connectivity is lost, the flow could be delayed until path recovery has taken place.
NSE (network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
=( @ @ )=