Design Your Logging Infrastructure
Expand all | Collapse all
Design Your Logging Infrastructure
Best practices for implementing logging infrastructure
for storing logs forwarded from managed firewalls.
It is a best practice to plan and design your
logging infrastructure before you deploy new managed firewalls.
The Panorama management server provides
multiple modes for device
management and log collection. Panorama mode allows you to both manage
your firewall configuration and ingest and store logs. If you want
your Panorama to have a single function, Log Collector mode is designed
solely for log ingestion and storage while Management Only mode
is designed solely for firewall configuration management.
Use the
Panorama Sizing and Design Guide to
calculate the logging rate and determine your log storage requirements.
This is important when deciding on the log storage capacity of your
Log Collectors and can be based on numerous factors such as regulatory
requirements.
Consult your Sales Engineer (SE) when sizing
your logging infrastructure. They will provide you with the technical
expertise needed to interpret and customize your deployment to meet
your needs.
Do not use Legacy mode if you are deploying a
Panorama virtual appliance due to
the many logging limitations and restrictions associated with this
mode. While suitable for a lab or demo environment, avoid using
a Panorama in Legacy mode in your production environment.
Use a
separate interface for
log collection on your managed firewalls. This helps you maintain
performance on your management interface which is communicating
with Panorama. As a sound security best practice, configure a permitted IP
list for all interfaces.