Configure a Managed Collector
Perform initial setup of the M-Series appliance in Log Collector mode if you haven’t already.
Only Dedicated Log Collectors require this step.
|
Rack mount the M-Series appliance. Refer to the M-100 or M-500 Hardware Reference Guide for instructions.
Perform Initial Configuration of the M-Series Appliance.
When configuring interfaces, configure only the Management (MGT) interface. When you switch to Log Collector mode later in this procedure, the mode change removes any Eth1 and Eth2 interface configurations. If the Log Collector will use Eth1 and Eth2, add them when configuring the Log Collector later in this procedure.
Register Panorama and Install Licenses.
Install Content and Software Updates for Panorama.
Configure each array.
This task is required to make the RAID disks available for logging. Optionally, you can add disks to Increase Storage on the M-Series Appliance.
|
Switch from Panorama mode to Log Collector mode.
Switching to Log Collector mode reboots the appliance, deletes any existing log data, and deletes all configurations except management access settings. Switching the mode does not delete licenses, software updates, or content updates.
|
Access the CLI of the M-Series appliance.
Enter the following command to switch to Log Collector mode:
> request system system-mode logger
Enter Y to confirm the mode change. The M-Series appliance reboots. If the reboot process terminates your terminal emulation software session, reconnect to the M-Series appliance to display the Panorama login prompt.
If you see a CMS Login prompt, press Enter without typing a username or password.
Log back in to the CLI.
Enter the following command to verify that the switch to Log Collector mode succeeded:
> show system info | match system-mode
If the mode change succeeded, the output displays:
system-mode: logger
|
Enable connectivity among the M-Series appliances.
|
These steps vary by Log Collector type. For HA deployments, <IPaddress1> and <IPaddress2> are for the management interface of the primary and secondary Panorama management server respectively. For non-HA deployments, specify only <IPaddress1>.
Dedicated Log Collectors—Run the following commands at the CLI of each Log Collector:
> configure
# set deviceconfig system panorama-server <IPaddress1> panorama-server-2 <IPaddress2>
# commit
Local Log Collectors—These steps are required only for an HA deployment:
Log in to the CLI of the primary Panorama and enter:
> configure
# set deviceconfig system panorama-server <IPaddress2>
# commit
Log in to the CLI of the secondary Panorama and enter:
> configure
# set deviceconfig system panorama-server <IPaddress1>
# commit
|
Record the serial number of the Log Collector.
You will need this when you add the Log Collector as a managed collector.
|
The steps to display the serial number vary by Log Collector type:
Local—Access the Panorama web interface and record the value on the Dashboard tab, General Information section, Serial # field. In an HA deployment, record the Serial # of each Panorama peer on which you will configure a Log Collector.
Dedicated—Access the Log Collector CLI, run the show system info command, and record the serial number.
|
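The two CLI checks above (confirming system-mode: logger after the mode switch, and recording the serial number of a Dedicated Log Collector) can be scripted against captured show system info output. This is an added example, not part of the original procedure or vendor code; the sample output is constructed, and the serial field name and the function names are assumptions.

```python
import re

# Constructed sample of `show system info` output from a Dedicated Log
# Collector. All values are placeholders, not taken from a real appliance.
SAMPLE_OUTPUT = """\
admin@lc-01> show system info

hostname: lc-01
ip-address: 192.0.2.10
serial: 000000000000
sw-version: 0.0.0
system-mode: logger
"""


def parse_system_info(text):
    """Return the 'key: value' pairs found in CLI output as a dict."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blank lines and echoed prompt lines such as 'admin@host> ...'.
        if not line or re.match(r"^\S+@\S+[>#]", line):
            continue
        key, sep, value = line.partition(":")
        if sep and key.strip():
            # Keep the first occurrence of a key; later repeats are ignored.
            fields.setdefault(key.strip().lower(), value.strip())
    return fields


def check_log_collector(text):
    """Return (serial, problems); an empty problems list means both checks passed."""
    fields = parse_system_info(text)
    problems = []
    mode = fields.get("system-mode")
    if mode is None:
        problems.append("system-mode not found in output")
    elif mode.lower() != "logger":
        problems.append(f"system-mode is {mode!r}, expected 'logger'")
    # Assumption: the serial number appears under a field named 'serial'.
    serial = fields.get("serial") or None
    if serial is None:
        problems.append("serial number not found in output")
    return serial, problems
```

Output filtered with | match system-mode contains no serial line, so run the check against the unfiltered show system info output when you also need the serial number.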
Configure the general settings of the Log Collector.
|
Use the web interface of the primary Panorama management server to perform these steps:
Select Panorama > Managed Collectors and Add a new Log Collector or edit the predefined local Log Collector (named default).
Although the secondary Panorama HA peer has a predefined local Log Collector, you must manually add it on the primary Panorama.
In the General tab, Collector S/N field, enter the serial number you recorded for the Log Collector.
|
Configure network access for the Log Collector.
Perform this step only for a Dedicated Log Collector or a local Log Collector on the secondary Panorama HA peer.
Although you defined similar parameters during initial configuration of the Panorama management server, you must re-define the parameters for the Log Collector.
|
In the Panorama Server IP field, enter the IP address or FQDN of the solitary (non-HA) or primary (HA) Panorama. For an HA deployment, enter the IP address or FQDN of the secondary Panorama peer in the Panorama Server IP 2 field. These fields are required.
Configure the IP addresses of the Primary DNS Server and Secondary DNS Server.
(Optional) Set the Timezone that Panorama will use to record log entries.
|
Configure administrative access to the Log Collector CLI.
Only Dedicated Log Collectors require this step. The default CLI administrator is admin. You cannot modify this username or add CLI administrators.
|
Select the Authentication tab, select the password Mode, and enter the Password (the default is admin).
Enter the number of Failed Attempts to log in that Panorama allows before locking out the administrator. Enter the Lockout Time in minutes. These settings can help protect the Log Collector from a brute-force attack.
|
Configure the Log Collector interfaces.
Perform this step only for a Dedicated Log Collector or a local Log Collector on the secondary Panorama HA peer.
The Eth1 or Eth2 interfaces are available only if you defined them during initial configuration of the Panorama management server.
|
Configure each interface that the Log Collector will use. Only the Management interface is required.
For each interface, select the corresponding tab and configure one or both of the following field sets based on the IP protocols of your network.
IPv4—IP Address, Netmask, and Default Gateway
IPv6—IPv6 Address/Prefix Length and Default IPv6 Gateway
(Optional) In the Management tab, select the SNMP service if you will use SNMP to monitor the Log Collector.
Using SNMP requires additional steps besides configuring the Log Collector. For details, see Monitor Panorama and Log Collector Statistics Using SNMP.
Click OK and Commit, set the Commit Type to Panorama, and click Commit again.
This step is required before you can enable logging disks or assign the Eth1 and Eth2 interfaces to logging functions.
(Optional) Edit the Log Collector and select the interfaces (mgmt, eth1, or eth2) that it will use for Device Log Collection and Collector Group Communication (default is mgmt).
|
(Optional) Configure the Log Collector admin authentication.
|
Select Panorama > Managed Collectors and edit the Log Collector by clicking its name.
Configure the Log Collector admin password:
Select the password Mode.
If you select Password mode, enter a plaintext Password and Confirm Password. If you select Password Hash mode, enter a hashed password string of up to 63 characters.
Configure the admin login security requirements:
Enter the login Failed Attempts value. The range is from the default of 0 to a maximum of 10, where 0 specifies unlimited login attempts.
Enter the Lockout Time value, from the default of 0 to a maximum of 60 minutes.
Click OK to save your changes.
|
Enable the logging disks.
|
Select Disks and Add each disk pair.
Click OK and Commit, select Panorama as the Commit Type, and click Commit again.
|
Verify your changes.
|
Verify that the Panorama > Managed Collectors page lists the Log Collector you added. The Connected column displays a check mark to indicate that the Log Collector is connected to Panorama. You might have to wait a few minutes before the page displays the updated connection status.
Until you Configure a Collector Group and perform a Collector Group commit, the Configuration Status column displays Out of Sync, the Run Time Status column displays disconnected, and the CLI command show interface all displays the interfaces as down.
Click Statistics in the last column to verify that the logging disks are enabled.
|
Next steps...
|
Before a Log Collector can receive firewall logs, you must:
Configure Log Forwarding to Panorama.
Configure a Collector Group. The predefined local Log Collector is preassigned to a predefined Collector Group.
|