Log Collector CLI Authentication Settings

  • Panorama > Managed Collectors > Authentication
An M-Series appliance in Log Collector mode (Dedicated Log Collector) has no web interface, only a CLI. You can use the Panorama management server to configure most settings on a Dedicated Log Collector but some settings require CLI access. To configure authentication settings for CLI access, configure the settings as described in the following table.
Log Collector Authentication Settings
Description
Users
Always displays as admin and is used for the local CLI login name on the Log Collector.
Mode
Select the password Mode:
  • Password—Enter a plaintext Password and Confirm Password.
  • Password Hash—Enter a hashed password string. This can be useful if, for example, you want to reuse the password of an existing Unix account but do not know the plaintext password, only the hashed password. Panorama accepts any string of up to 63 characters regardless of the algorithm used to generate the hash value. The operational CLI command request password-hash password <password> uses the MD5 algorithm. When you commit your changes, Panorama pushes the hash value to the Log Collector and the administrator password will be the specified <password>.
Failed Attempts
Enter the number of failed login attempts allowed on the CLI before locking out the administrator account (0 to 10). A value of 0 specifies unlimited login attempts. The default value is 0 for Log Collectors in normal operational mode and 10 for Log Collectors in FIPS-CC mode. Limiting login attempts can help protect the Log Collector from brute force attacks.
If you set the Failed Attempts to a value other than 0 but leave the Lockout Time at 0, the Failed Attempts is ignored and the user is never locked out. If you use the default 0 for both fields, the user is never locked out.
Lockout Time
Enter the number of minutes for which the Log Collector locks out the administrator out after reaching the number of Failed Attempts (range is 0 to 60; default is 0).
If you set the Lockout Time to a value other than 0 but leave the Failed Attempts at 0, the Lockout Time is ignored and the user is never locked out. If you use the default 0 for both fields, the user is never locked out.

Related Documentation