Local and Distributed Log Collection
Before you Configure Log Forwarding to Panorama, you must decide whether to use local Log Collectors, Dedicated Log Collectors, or both.
A local Log Collector is easy to deploy because it requires no additional hardware or virtual machine instance. In a high availability (HA) configuration, you can send logs to the local Log Collector on both Panorama peers; the passive Panorama doesn’t wait for failover to start collecting logs.
For local log collection, you can also forward logs to a Panorama virtual appliance in Legacy mode, which stores the logs without using a Log Collector as a logical container.
Dedicated Log Collectors are M-500 or M-100 appliances in Log Collector mode. Because they perform only log collection, not firewall management, Dedicated Log Collectors allow for a more robust environment than local Log Collectors. Dedicated Log Collectors provide the following benefits:
- Enable the Panorama management server to use more resources for management functions instead of logging.
- Provide high-volume log storage on a dedicated hardware appliance.
- Enable higher logging rates.
- Provide horizontal scalability and redundancy with RAID 1 storage.
- Optimize bandwidth resources in networks where more bandwidth is available for firewalls to send logs to nearby Log Collectors than to a remote Panorama management server.
- Enable you to meet regional regulatory requirements (for example, regulations might not allow logs to leave a particular region).
Distributed Log Collection illustrates a topology in which the Panorama peers in an HA configuration manage the deployment and configuration of firewalls and Dedicated Log Collectors.
You can deploy the Panorama management server in an HA configuration but not the Dedicated Log Collectors.
Managed Collectors and Collector Groups
Managed Collectors and Collector Groups Panorama uses Log Collectors to aggregate logs from managed firewalls. When generating reports, Panorama queries the Log Collectors for log ...
Panorama Models Panorama is available as one of the following virtual or physical appliances, each of which supports licenses for managing up to 25, 100, ...
Manage Log Collection
Manage Log Collection All Palo Alto Networks firewalls can generate logs that provide an audit trail of firewall activities. For Centralized Logging and Reporting , ...
Deploy Panorama with Dedicated Log Collectors
Deploy Panorama with Dedicated Log Collectors The following figures illustrate Panorama in a distributed log collection deployment. In these examples, the Panorama management server comprises ...
Deploy Panorama M-Series Appliances with Local Log Collectors
Deploy Panorama M-Series Appliances with Local Log Collectors The following figures illustrate Panorama in a centralized log collection deployment. In these examples, the Panorama management ...
Log Collector Configuration
Log Collector Configuration Select Panorama Managed Collectors to manage Log Collectors. When you Add a new Log Collector as a managed collector, the settings you ...
Extended Support for Multiple Panorama Interfaces
Extended Support for Multiple Panorama Interfaces To accommodate network segmentation and security requirements in a large-scale deployment, you can now separate the Panorama management functions ...
Set Up the Panorama Virtual Appliance
Set Up the Panorama Virtual Appliance The Panorama virtual appliance enables you to use your existing VMware virtual infrastructure to centrally manage and monitor Palo ...