You need to create an HTTP server profile to forward logs to an HTTP(S) destination. The HTTP server profile allows you to specify how to access the server and define the format in which to forward logs to the HTTP(S) destination. By default, the Palo Alto firewall uses the management port to forward logs. However, you can also assign a different source interface and IP address in the
DeviceSetupServicesService route configuration.