A local Log Collector is easy to deploy because it requires no
additional hardware or virtual machine instance. In a high availability
(HA) configuration, you can send logs to the local Log Collector
on both Panorama peers; the passive Panorama doesn’t wait for failover
to start collecting logs.
For local log collection, you can also forward logs to
a Panorama virtual appliance in Legacy mode, which stores the logs
without using a Log Collector as a logical container.
Dedicated Log Collectors are M-600, M-500, M-200, or Panorama
virtual appliance in Log Collector mode. Because they perform only
log collection, not firewall management, Dedicated Log Collectors
allow for a more robust environment than local Log Collectors. Dedicated
Log Collectors provide the following benefits:
Enable the Panorama management server to use more resources
for management functions instead of logging.
Provide high-volume log storage on a dedicated hardware appliance.
Enable higher logging rates.
Provide horizontal scalability and redundancy with RAID 1
Optimize bandwidth resources in networks where more bandwidth
is available for firewalls to send logs to nearby Log Collectors
than to a remote Panorama management server.
Enable you to meet regional regulatory requirements (for
example, regulations might not allow logs to leave a particular
Log Collection illustrates a topology in which the Panorama
peers in an HA configuration manage the deployment and configuration
of firewalls and Dedicated Log Collectors.
You can deploy the Panorama management server in an HA
configuration but not the Dedicated Log Collectors.