This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

collector group with redundancy not working properly

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

collector group with redundancy not working properly

Deepak25
L3 Networker

‎06-15-2021 06:32 AM

we have configured Panorama M200 in HA , configured managed collector with local log collector , configured collector group and added local log collector of both panorama,  redundancy is enabled in collector group (log forwarding preference is not configured.

 

Above configuration we have done to store same logs on both local log collector and enable redundancy So if complete Pri M200 box failed , we will have same logs in Sec M200 local log collector.

But as per configuration logging is not happening properly on secondary panorama , there is a difference in system dis-space utilization

Deepak25_0-1623763316613.png

Also we sec panorama log collector not receiving any log ( as per our requirement and redundancy conifg secondaryM200 also should store the logs)

Deepak25_1-1623763766133.png

 

is there any configuration issue , or the output in sec m200 is normal ? how we can check same logs are store or not in sec M200 ?

 

We are able to see same logs in both M200 webgui , as per my understanding its because of collector group config .

0 Likes Likes
8 REPLIES 8

MP18
Cyber Elite
Cyber Elite

‎06-15-2021 07:42 AM - edited ‎06-15-2021 07:43 AM

@Deepak25 

 

I do not think from sec M200 CLI you will see incoming logs.

Please read this 

 

If you select this option, each log in the Collector Group will have two copies and each copy will reside on a different Log Collector. This redundancy ensures that, if any one Log Collector becomes unavailable, no logs are lost: you can see all the logs forwarded to the Collector Group and run reports for all the log data. Log redundancy is available only if the Collector Group has multiple Log Collectors and each Log Collector has the same number of disks.
After you enable redundancy, Panorama redistributes the existing logs across all the Log Collectors, which can take hours for each terabyte of logs. During the redistribution process, the maximum logging rate is reduced. In the Panorama > Collector Groups page, the Log Redistribution State column indicates the completion status of the process as a percentage. All the Log Collectors for any particular Collector Group must be the same model: for example, all M-500 appliances or all Panorama virtual appliances.
 
Because enabling redundancy creates more logs, this configuration requires more storage capacity. Enabling redundancy doubles the log processing traffic in a Collector Group, which reduces its maximum logging rate by half, as each Log Collector must distribute a copy of each log it receives. (When a Collector Group runs out of space, it deletes older logs.)
 
Regards
MP
0 Likes Likes

Deepak25
L3 Networker
In response to MP18

‎06-15-2021 08:38 AM

Thank you for information.

I have read many articles to investigate on this issue. Due to differences in disk utilization we want to check logging on sec m200. Also redistribution state is already completed and status is none when we deployed sec m200 in HA with pri M200 five month back. Due to pci standard logging is very important for us. 

0 Likes Likes

MP18
Cyber Elite
Cyber Elite
In response to Deepak25

‎06-15-2021 08:45 AM - edited ‎06-15-2021 08:51 AM

@Deepak25 

 

So you mean you added sec M200 after few months to Primary M200 right?

We also have M200 in HA mode.

 

When I do shutdown of Primary M200 then Sec M200 becomes Primary and I can see old traffic logs there.

This tells me that logs are in syn between both.

 

 

Regards

MP
0 Likes Likes

Deepak25
L3 Networker
In response to MP18

‎06-15-2021 09:22 AM - edited ‎06-15-2021 09:24 AM

Yes, we have deployed pri m200 in 2019 and due to pci standard we have added secondary panorama in 2020. 

Hv u configured same setting , can u please share your settings 

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks