Set Up the Panorama Virtual Appliance with Local Log Collector

If the Panorama virtual appliance is in Legacy mode after you upgrade from a Panorama 8.0 or earlier release to a Panorama 8.1 (or later) release, switch to Panorama mode in order to create a local Log Collector, add multiple logging disks without losing existing logs, increase log storage up to 24TB, and enable faster report generation.
Once you change from Legacy mode to Panorama mode, Legacy mode will no longer be available.
After upgrading to Panorama 8.1, the first step is to increase the system resources on the virtual appliance to the minimum required for Panorama mode. Panorama reboots when you increase resources, so perform this procedure during a maintenance window. You must install a larger system disk (81GB), increase CPUs and memory based on the log storage capacity, and add a virtual logging disk. The new logging disk must have at least as much capacity as the appliance currently uses in Legacy mode and cannot be less than 2TB. Adding a virtual disk enables you to migrate existing logs to the Log Collector and enables the Log Collector to store new logs.
If Panorama is deployed in an HA configuration, perform the following steps on the secondary peer first and then on the primary peer.
  1. Determine which system resources you need to increase before the virtual appliance can operate in Panorama mode.
    You must run the command specified in this step even if you have determined that Panorama already has adequate resources.
    1. Access the Panorama CLI:
      1. Use terminal emulation software such as PuTTY to open an SSH session to the IP address that you specified for the Panorama MGT interface.
      2. Log in to the CLI when prompted.
    2. Check the resources you must increase by running the following command:
      > request system system-mode panorama
      Enter y when prompted to continue. The output specifies the resources you must increase. For example:
      Panorama mode not supported on current system disk of size 52.0 GB. Please attach a disk of size 81.0 GB, then use 'request system clone-system-disk' to migrate the current system disk
      Please add a new virtual logging disk with more than 50.00 GB of storage capacity.
      Not enough CPU cores: Found 4 cores, need 8 cores
  2. Increase the CPUs and memory, and replace the system disk with a larger disk.
    1. Access the VMware ESXi vSphere Client, select Virtual Machines, right-click the Panorama virtual appliance, and select Power > Power Off.
    2. Right-click the Panorama virtual appliance and Edit Settings.
    3. Select Memory and enter the new Memory Size.
    4. Select CPUs and specify the number of CPUs (the Number of virtual sockets multiplied by the Number of cores per socket).
    5. Add a virtual disk.
      You will use this disk to replace the existing system disk.
      1. In the Hardware settings, Add a disk, select Hard Disk as the hardware type, and click Next.
      2. Create a new virtual disk and click Next.
      3. Set the Disk Size to exactly 81GB and select the Thick Provision Lazy Zeroed disk format.
      4. Select Specify a datastore or datastore structure as the location, Browse to a datastore of at least 81GB, click OK, and click Next.
      5. Select a SCSI Virtual Device Node (you can use the default selection) and click Next.
        Panorama will fail to boot if you select a format other than SCSI.
      6. Verify that the settings are correct and then click Finish and OK.
    6. Right-click the Panorama virtual appliance and select Power > Power On. Wait for Panorama to reboot before continuing.
    7. Return to the Panorama CLI and copy the data from the original system disk to the new system disk:
      > request system clone-system-disk target sdb
      Enter y when prompted to continue.
      The copying process takes around 20 to 25 minutes, during which Panorama reboots. When the process finishes, the output tells you to shut down Panorama.
    8. Return to the vSphere Client console, right-click the Panorama virtual appliance, and select Power > Power Off.
    9. Right-click the Panorama virtual appliance and Edit Settings.
    10. Select the original system disk, click Remove, select Remove from virtual machine, and click OK.
    11. Right-click the Panorama virtual appliance and Edit Settings.
    12. Select the new system disk, set the Virtual Device Node to SCSI (0:0), and click OK.
    13. Right-click the Panorama virtual appliance and select Power > Power On. Before proceeding, wait for Panorama to reboot on the new system disk (around 15 minutes).
  3. Add a virtual logging disk.
    This is the disk to which you will migrate existing logs.
    1. In the VMware ESXi vSphere Client, right-click the Panorama virtual appliance and select Power > Power Off.
    2. Right-click the Panorama virtual appliance and Edit Settings.
    3. Repeat the steps to Add a virtual disk. Set the Disk Size to a multiple of 2TB based on the amount of log storage you need. The capacity must be at least as large as the existing virtual disk or NFS storage that Panorama currently uses for logs. The disk capacity must be a multiple of 2TB and can be up to 24TB. For example, if the existing disk has 5TB of log storage, you must add a new disk of at least 6TB.
      After you switch to Panorama mode, Panorama will automatically divide the new disk into 2TB partitions, each of which will function as a separate virtual disk.
    4. Right-click the Panorama virtual appliance and select Power > Power On. Wait for Panorama to reboot before continuing.
  4. Switch from Legacy mode to Panorama mode.
    After switching the mode, the appliance reboots again and then automatically creates a local Log Collector and Collector Group. The existing logs won’t be available for querying or reporting until you migrate them later in this procedure.
    1. Return to the Panorama CLI and run the following command:
      > request system system-mode panorama
      Enter y when prompted to continue. After rebooting, Panorama automatically creates a local Log Collector (named Panorama) and creates a Collector Group (named default) to contain it. Panorama also configures the virtual logging disk you added and divides it into separate 2TB disks. Wait for the process to finish and for Panorama to reboot (around five minutes) before continuing.
    2. Log in to the Panorama web interface.
    3. In the Dashboard, General Information settings, verify that the Mode is now panorama.
      In an HA deployment, the secondary peer is in a suspended state at this point because its mode (Panorama) does not match the mode on the primary peer (Legacy). You will un-suspend the secondary peer after switching the primary peer to Panorama mode later in this procedure.
    4. Select Panorama > Collector Groups to verify that the default collector group has been created, and that the local Log Collector is part of the default collector group.
    5. Push the configuration to the managed devices.
      • If there are no pending changes:
        1. Select Commit > Push to Devices and Edit Selections.
        2. Select Collector Group and make sure the default collector group is selected.
        3. Click OK and Push.
      • If you have pending changes:
        1. Select Commit > Commit and Push and Edit Selections.
        2. Verify that your Device Group devices and Templates are included.
        3. Select Collector Group and make sure the default collector group is selected.
        4. Click OK and Commit and Push.
    6. Select Panorama > Managed Collectors and verify that the columns display the following information for the local Log Collector:
      • Collector Name—This defaults to the Panorama hostname. It should be listed under the default Collector Group.
      • Connected—Check mark
      • Configuration Status—In sync
      • Run Time Status—connected
  5. (HA only) Switch the primary Panorama from Legacy mode to Panorama mode.
    This step triggers failover.
    1. Repeat Step 1 through Step 4 on the primary Panorama.
      Wait for the primary Panorama to reboot and return to an active HA state. If preemption is not enabled, you must manually fail back: select Panorama > High Availability and, in the Operational Commands section, Make local Panorama functional.
    2. On the primary Panorama, select Dashboard and, in the High Availability section, Sync to peer, click Yes, and wait for the Running Config to display Synchronized status.
    3. On the secondary Panorama, select Panorama > High Availability and, in the Operational Commands section, Make local Panorama functional.
      This step is necessary to bring the secondary Panorama out of its suspended HA state.
  6. Migrate existing logs to the new virtual logging disks.
    If you deployed Panorama in an HA configuration, perform this only on the primary peer.
    Palo Alto Networks recommends migrating existing logs to the new virtual logging disks during your maintenance window. The log migration requires a large number of the Panorama virtual appliance CPU cores to execute and impacts Panorama operational performance.
    1. Return to the Panorama CLI.
    2. Start the log migration:
      > request logdb migrate vm start
      The process duration varies by the volume of log data you are migrating. To check the status of the migration, run the following command:
      > request logdb migrate vm status
      When the migration finishes, the output displays: migration has been done.
    3. Verify that the existing logs are available.
      1. Log in to the Panorama web interface.
      2. Select Panorama > Monitor, select a log type that you know matches some existing logs (for example, Panorama > Monitor > System), and verify that the logs display.
  7. Next steps...
    Configure log forwarding to Panorama so that the Log Collector receives new logs from firewalls.
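
A pre-change planning helper for Steps 1 through 3, added here as an example (it is not Palo Alto Networks code): it parses the pre-check output shown in Step 1 and applies this page's disk-sizing rules to produce the values to provision. The function names are hypothetical, and the regular expressions assume the output wording matches the single example on this page.

```python
import math
import re

SYSTEM_DISK_GB = 81     # page: the replacement system disk is exactly 81GB
LOG_DISK_STEP_TB = 2    # page: logging disk capacity is a multiple of 2TB
LOG_DISK_MAX_TB = 24    # page: logging disk can be up to 24TB

# Sample output copied from the example in Step 1 of this page.
SAMPLE_PRECHECK = (
    "Panorama mode not supported on current system disk of size 52.0 GB. "
    "Please attach a disk of size 81.0 GB, then use 'request system "
    "clone-system-disk' to migrate the current system disk "
    "Please add a new virtual logging disk with more than 50.00 GB of "
    "storage capacity. Not enough CPU cores: Found 4 cores, need 8 cores"
)

def parse_precheck(output):
    """Extract the resource gaps reported by the mode pre-check (assumed wording)."""
    gaps = {}
    m = re.search(r"attach a disk of size ([\d.]+) GB", output)
    if m:
        gaps["system_disk_gb"] = float(m.group(1))
    m = re.search(r"logging disk with more than ([\d.]+) GB", output)
    if m:
        gaps["min_logging_gb"] = float(m.group(1))
    m = re.search(r"Found (\d+) cores, need (\d+) cores", output)
    if m:
        gaps["cpu_found"], gaps["cpu_needed"] = int(m.group(1)), int(m.group(2))
    return gaps

def logging_disk_tb(existing_log_tb):
    """Smallest permitted logging disk, in TB, for the current log storage."""
    if existing_log_tb < 0:
        raise ValueError("existing log storage cannot be negative")
    # Round up to the next 2TB multiple; never below 2TB.
    size = max(1, math.ceil(existing_log_tb / LOG_DISK_STEP_TB)) * LOG_DISK_STEP_TB
    if size > LOG_DISK_MAX_TB:
        raise ValueError(f"{existing_log_tb}TB of logs exceeds the {LOG_DISK_MAX_TB}TB limit")
    return size

def change_plan(precheck_output, existing_log_tb):
    """Combine the pre-check gaps and the sizing rules into a provisioning plan."""
    gaps = parse_precheck(precheck_output)
    plan = {"logging_disk_tb": logging_disk_tb(existing_log_tb)}
    if "system_disk_gb" in gaps:
        plan["new_system_disk_gb"] = SYSTEM_DISK_GB
    if "cpu_needed" in gaps:
        plan["cpu_cores"] = gaps["cpu_needed"]
    return plan

if __name__ == "__main__":
    print(change_plan(SAMPLE_PRECHECK, existing_log_tb=5))
```

The sample output on this page carries no memory message, so the plan does not include a memory figure; size memory according to the log storage capacity as described above.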
