Managed Collectors and Collector Groups

Panorama uses Log Collectors to aggregate logs from managed firewalls. When generating reports, Panorama queries the Log Collectors for log information, providing you visibility into all the network activity that your firewalls monitor. Because you use Panorama to configure and manage Log Collectors, they are also known as managed collectors. Panorama can manage two types of Log Collectors:
  • Local Log Collector—This type of Log Collector runs locally on the Panorama management server. Only an M-500 appliance, M-100 appliance, or Panorama virtual appliance in Panorama mode supports a local Log Collector.
    If you forward logs to a Panorama virtual appliance in Legacy mode, it stores the logs locally without a Log Collector.
  • Dedicated Log Collector—This is an M-500 or M-100 appliance in Log Collector mode. You can use an M-Series appliance in Panorama mode or a Panorama virtual appliance in Panorama or Legacy mode to manage Dedicated Log Collectors. To use the Panorama web interface for managing Dedicated Log Collectors, you must add them as managed collectors. Otherwise, administrative access to a Dedicated Log Collector is only available through its CLI using the predefined administrative user (admin) account. Dedicated Log Collectors don’t support additional administrative user accounts. 
You can use either or both types of Log Collectors to achieve the best logging solution for your environment (see Local and Distributed Log Collection).
A Collector Group is 1 to 16 managed collectors that operate as a single logical log collection unit. If the Collector Group contains Dedicated Log Collectors, Panorama uniformly distributes the logs across all the disks in each Log Collector and across all Log Collectors in the group. This distribution optimizes the available storage space. To enable a Log Collector to receive logs, you must add it to a Collector Group. You can enable log redundancy by assigning multiple Log Collectors to a Collector Group (see Caveats for a Collector Group with Multiple Log Collectors). The Collector Group configuration specifies which managed firewalls can send logs to the Log Collectors in the group.
To configure Log Collectors and Collector Groups, see Manage Log Collection.

Related Documentation