Manage Collector Groups

A Collector Group is 1 to 16 Log Collectors that operate as a single logical unit for collecting firewall logs. You must assign at least one Log Collector to a Collector Group for firewalls to successfully send logs to a Log Collector. Firewall logs are dropped if there is no Collector Group configured or none of the Log Collectors are assigned to a Collector Group. You can configure a Collector Group with multiple Log Collectors to ensure log redundancy or to accommodate logging rates that exceed the capacity of a single Log Collector (see Panorama Models). To understand the risks and recommended mitigations, see Caveats for a Collector Group with Multiple Log Collectors.
The M-600, M-500, M-200 and M-100 appliances in Panorama mode have a predefined Collector Group that contains a predefined local Log Collector. You can edit all the settings of the predefined Collector Group except its name (default).
If you delete a Collector Group, you will lose logs.
Palo Alto Networks recommends preserving the predefined Log Collector and Collector Group on the Panorama management server, regardless of whether Panorama also manages Dedicated Log Collectors.
If you switch an M-Series appliance from Panorama mode to Log Collector mode, the appliance will lose its predefined Collector Group and Log Collector. You would then have to Set Up the M-Series Appliance as a Log Collector, add it as a managed collector to Panorama, and configure a Collector Group to contain the managed collector.

Related Documentation