Migrate Log Collectors after Failure/RMA of Non-HA Panorama

Perform initial setup of the new Panorama appliance.

Rack mount the M-Series appliance if that is the new appliance. Refer to the M-100 or M-500 Appliance Hardware Reference Guide for instructions.
Perform Initial Configuration of the M-Series Appliance or Perform Initial Configuration of the Panorama Virtual Appliance.
If the old M-Series appliance used interfaces other than the MGT interface for Panorama services (such as log collection), you must define those interfaces during initial configuration of the new M-Series appliance (
Panorama
Setup
Interfaces
). The Panorama virtual appliance does not support interfaces other than MGT.
Register Panorama.
Transfer licenses as follows only if the new Panorama appliance is the same model as the old appliance. Otherwise, you must purchase new licenses.
Log in to the Palo Alto Networks Customer Support web site.
Select the
Assets
tab and click the
Spares
link.
Click the Serial Number of the new M-Series appliance.
Click
Transfer Licenses
.
Select
the old appliance and click
Submit
.
Activate a Panorama Support License.
Activate a firewall management license.
Install Content and Software Updates for Panorama.
The M-500 appliance requires Panorama 7.0 or a later release. For important details about software versions, see Panorama, Log Collector, Firewall, and WildFire Version Compatibility.

Restore the configuration from the old Panorama to the replacement Panorama.

Log in to the new Panorama and select
Panorama
Setup
Operations
.
Click
Import named Panorama configuration snapshot
,
Browse
to the backup configuration file, and click
OK
.
Click
Load named Panorama configuration snapshot
, select the
Name
of the file you just imported, and click
OK
.
Select
Commit
Commit to Panorama
and
Commit
your changes.
Select
Panorama
Managed Collectors
and verify that the Connected column displays a check mark for the Dedicated Log Collector.
If the Dedicated Log Collector doesn’t appear, you must reconfigure it and its Collector Group as described in step Reconfigure the Dedicated Log Collector and Collector Group if they are missing on Panorama.. Otherwise, skip to Step Fetch the ring file to restore access to the logs stored on the Dedicated Log Collector..

Reconfigure the Dedicated Log Collector and Collector Group if they are missing on Panorama.

Access the CLI of the Dedicated Log Collector and enter the following commands to display the name of its Collector Group.

Enter the command:
> 
request fetch ring from log-collector 
<serial_number>
The following error will display:
Server error: Failed to fetch ring info from 
<serial_number>
Enter the command:
> 
less mp-log ms.log
The following error will display:
Dec04 11:07:08 Error: pan_cms_convert_resp_ring_to_file(pan_ops_cms.c:3719): Current configuration does not contain group CA-Collector-Group
In this example, the error message indicates that the missing Collector Group has the name CA-Collector-Group.

Configure the Collector Group and assign the Dedicated Log Collector to it.

> 
configure  
# 
set log-collector-group 
<collector-group-name>  
# 
set log-collector-group 
<collector-group-name> logfwd-setting
collector 
<serial-number>

Commit the changes to Panorama but not to the Collector Group.

# 
commit  
# 
exit

Fetch the ring file to restore access to the logs stored on the Dedicated Log Collector.

Access the CLI of the new Panorama.

Fetch the ring file:

> 
request fetch ring from log-collector 
<serial-number>

For example:

> 
request fetch ring from log-collector 009201000343

If you don’t know the serial number of the Dedicated Log Collector, log in to its CLI and enter the

show system info

operational command.

Commit your changes to the Collector Group.

> 
commit-all log-collector-config log-collector-group 
<collector-group-name>