https://live.paloaltonetworks.com/t5/general-topics/pa4050-panorama-log-archive-strategy-help/m-p/7265#M5382 <HTML><HEAD></HEAD><BODY><P>This is how I have mine setup:</P><P></P><P>Under Device &gt; Log Settings, we have both System and Config logs being sent to the Panorama server.</P><P></P><P>Under Object &gt; Log Forwarding, we have a profile setup to forward all threat and traffic logs to the Panorama server. We apply this profile under the options of each security policy.</P></BODY></HTML> Fri, 21 Jan 2011 21:05:30 GMT mharding 2011-01-21T21:05:30Z https://live.paloaltonetworks.com/t5/general-topics/pa4050-panorama-log-archive-strategy-help/m-p/7263#M5380 <HTML><HEAD></HEAD><BODY><P>We have one of our new PA4050s running in TAP mode listening to our datacentre firewalls (the firewalls they will replace - these are ASFs running Checkpoint FW1). We are also running Panorama on test machine in our testlab. The PA4050s are logging locally obviously and we're auto archiving off every day the threat, URL &amp; traffic logs to an FTP server in csv format.</P><P></P><P>My question is - what is the best way forward for implimenting a proper log archiving strategy? I'm coming from a Checkpoint world - where it's fairly easy to archive log files off then load them back onto the management platform to view in the log GUI&nbsp; - and the customer likes this.</P><P></P><P>I don't see any way in Panorama of doing this - in fact the size of the logs is worrying also - we're running Panorama on a test client so it's only 10GB disk space for the VMARE - but already it looks as though I'll only get around 2 days of logs on the panorama. Our VAR suggested via PA themselves that we should have around 80GB on our live Panormama (we need the logs for around min 6 months) - but at that rate we would only get about 16 days (ish!!) of logs ever on the Panorama!!&nbsp; The PA4050 itself still has the full weeks worth of logs locally for the time it's been in for - and as mentioned I'm archiving that off - but it still looks very cumbersome to the customer searching through large daily CSV files.</P><P></P><P>Help!! Does anyone have any advice?</P><P>Thanks!</P></BODY></HTML> Thu, 20 Jan 2011 15:17:15 GMT https://live.paloaltonetworks.com/t5/general-topics/pa4050-panorama-log-archive-strategy-help/m-p/7263#M5380 fmd 2011-01-20T15:17:15Z https://live.paloaltonetworks.com/t5/general-topics/pa4050-panorama-log-archive-strategy-help/m-p/7264#M5381 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>I have the same issue.</P><P>Hope someone could suggest us something interesting. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P></BODY></HTML> Fri, 21 Jan 2011 15:47:04 GMT https://live.paloaltonetworks.com/t5/general-topics/pa4050-panorama-log-archive-strategy-help/m-p/7264#M5381 migration 2011-01-21T15:47:04Z https://live.paloaltonetworks.com/t5/general-topics/pa4050-panorama-log-archive-strategy-help/m-p/7265#M5382 <HTML><HEAD></HEAD><BODY><P>This is how I have mine setup:</P><P></P><P>Under Device &gt; Log Settings, we have both System and Config logs being sent to the Panorama server.</P><P></P><P>Under Object &gt; Log Forwarding, we have a profile setup to forward all threat and traffic logs to the Panorama server. We apply this profile under the options of each security policy.</P></BODY></HTML> Fri, 21 Jan 2011 21:05:30 GMT https://live.paloaltonetworks.com/t5/general-topics/pa4050-panorama-log-archive-strategy-help/m-p/7265#M5382 mharding 2011-01-21T21:05:30Z https://live.paloaltonetworks.com/t5/general-topics/pa4050-panorama-log-archive-strategy-help/m-p/7266#M5383 <HTML><HEAD></HEAD><BODY><P>The logging volumes on the PA-500, PA20xx and PA-40xx are all the same size and are not intended to store excessive amounts of data this is because the primary function they serve is as Firewall's and not reporting devices. Currently if you have a need for greater storage you can use the Panorama product that has a maximum logging volume size of two terabytes or you can use a syslog server to export your logs and then using some other reporting products output the data in a meaningful format.</P><P>There is currently no mechanism to import these logs back into the either the PAN-firewall's or the Panorama nor is this feature part of the upcoming 4.0 release. What the 4.0 will provide is a means of mounting an external storage device and utilizing space far exceeding the allocated amounts with the 3.x family.</P><P></P><P></P><P>Thank you,</P><P></P><P>Phil</P></BODY></HTML> Fri, 21 Jan 2011 21:53:14 GMT https://live.paloaltonetworks.com/t5/general-topics/pa4050-panorama-log-archive-strategy-help/m-p/7266#M5383 pkruse 2011-01-21T21:53:14Z https://live.paloaltonetworks.com/t5/general-topics/pa4050-panorama-log-archive-strategy-help/m-p/7267#M5384 <HTML><HEAD></HEAD><BODY><P>Hi - many thanks to those who replied. I undertood that we wouldn't use the firewalls themselves as long term log storage. We were advised by our VAR that 80GB for long term log data storage on the Panorama would be more than adequate (not sure how they would know this as they didn't have visibility of the data we have going throught our current solution!!). Purchasing more software/hardware (syslog server, reporting software such as splunk) may make our customer baulk though (as would manually trailing through loads of CSV files!!). Thanks for all your input.</P></BODY></HTML> Tue, 25 Jan 2011 13:47:21 GMT https://live.paloaltonetworks.com/t5/general-topics/pa4050-panorama-log-archive-strategy-help/m-p/7267#M5384 fmd 2011-01-25T13:47:21Z https://live.paloaltonetworks.com/t5/general-topics/pa4050-panorama-log-archive-strategy-help/m-p/7268#M5385 <HTML><HEAD></HEAD><BODY><P>hi pkruse - about the limits on Panorama space. If we run VMARE server on a Windows machine with Panorama installed is the maximum 1TB or 2TB - I've read 2TB is only available if you load VMWARE ESX directly onto the hardware (ie. no host OS underneath).&nbsp; Will the space limit increase you speak of apply to both VMWARE on a windows machine and ESX? Or will the increase in 4.0 only be applied to the ESX variety of install? Is there any news on when 4.0 is scheduled? many thanks. </P></BODY></HTML> Wed, 09 Feb 2011 13:11:30 GMT https://live.paloaltonetworks.com/t5/general-topics/pa4050-panorama-log-archive-strategy-help/m-p/7268#M5385 fmd 2011-02-09T13:11:30Z https://live.paloaltonetworks.com/t5/general-topics/pa4050-panorama-log-archive-strategy-help/m-p/7269#M5386 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Here's the link that describes the limitations of VMware Server and VMware ESX. In 4.0, you will be able to utilize NFS which will assist in exceeding these disk space limitations. Tentative release date for 4.0 is March of this year.</P><P></P><P></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-1393">https://live.paloaltonetworks.com/docs/DOC-1393</A></P><P></P><P></P><P>-Renato</P></BODY></HTML> Wed, 09 Feb 2011 13:45:56 GMT https://live.paloaltonetworks.com/t5/general-topics/pa4050-panorama-log-archive-strategy-help/m-p/7269#M5386 gswcowboy 2011-02-09T13:45:56Z