1. Home
    2. Panorama
    3. Panorama Administrator's Guide
    4. Manage Log Collection
    5. Manage Collector Groups
    6. Move a Log Collector to a Different Collector Group

    Move a Log Collector to a Different Collector Group

    M-600, M-500, M-200, M-100 and Panorama virtual appliances can have one or more Log Collectors in each Collector Group. You assign Log Collectors to a Collector Group based on the logging rate and log storage requirements of that Collector Group. If the rates and required storage increase in a Collector Group, the best practice is to Increase Storage on the M-Series Appliance or Configure a Collector Group with additional Log Collectors. However, in some deployments, it might be more economical to move Log Collectors between Collector Groups.
    When a Log Collector is local to an M-500 or M-100 appliance in Panorama mode, move it only if the appliance is the passive peer in a high availability (HA) configuration. HA synchronization applies the configurations associated with the new Collector Group. Never move a Log Collector that is local to the active HA peer.
    In any single Collector Group, all the Log Collectors must run on the same Panorama model: all M-600 appliances, all M-500 appliances, all M-200 appliances, all M-100 appliances, or all Panorama virtual appliances.
    Log redundancy is available only if each Log Collector has the same number of logging disks. To add disks to a Log Collector, see Increase Storage on the M-Series Appliance.
    1. Remove the Log Collector from Panorama management.
      1. Select
        Panorama
        Collector Groups
         and edit the Collector Group that contains the Log Collector you will move.
      2. In the Collector Group Members list, select and
        Delete
         the Log Collector.
      3. Select
        Device Log Forwarding
         and, in the Log Forwarding Preferences list, perform the following steps for each set of firewalls assigned to the Log Collector you will move:
        1. In the Devices column, click the link for the firewalls assigned to the Log Collector.
        2. In the Collectors column, select and
          Delete
           the Log Collector.
          To reassign the firewalls,
          Add
           the new Log Collector to which they will forward logs.
        3. Click
          OK
           twice to save your changes.
      4. Select
        Panorama
        Managed Collectors
         and then select and
        Delete
         the Log Collector you will move.
    2. Add the Log Collector to its new Collector Group and assign firewalls to the Log Collector.
      When you push changes to the Collector Group configuration, Panorama starts redistributing logs across the Log Collectors. This process can take hours for each terabyte of logs. During the redistribution process, the maximum logging rate is reduced. In the
      Panorama
      Collector Groups
       page, the Log Redistribution State column indicates the completion status of the process as a percentage.
    3. Configure Log Forwarding to Panorama for the new Collector Group you configured.
    4. Select
      Commit
      Commit and Push
       to commit your changes to Panorama and push the changes to device groups, templates, and Collector Groups if you have not already done so.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo