to use for the Panorama management server and Log Collectors based on the geographic distribution of managed firewalls, logging rate, and log retention requirements.
You can configure a Collector Group with multiple Log Collectors to ensure log redundancy, increase the log retention period, or accommodate logging rates that exceed the capacity of a single Log Collector (see
for capacity information). To understand the requirements, risks and recommended mitigations, see
Caveats for a Collector Group with Multiple Log Collectors.
By default, each firewall stores its log files locally. To use Panorama for centralized log monitoring and report generation, you must
Configure Log Forwarding to Panorama. You can also
Configure Log Forwarding from Panorama to External Destinations
for archiving, notification, or analysis. When forwarding from Panorama, you can include the System and Config logs that Panorama and its Log Collectors generate. External services include syslog servers, email servers, or SNMP trap servers. The firewall, Panorama virtual appliance, or M-Series appliance that forwards the logs to external services converts the logs to the appropriate format (syslog message, email notification, or SNMP trap).