For details on cookie usage on our site, read our Privacy Policy
collector group with redundancy not working properly
- LIVEcommunity
- Discussions
- General Topics
- collector group with redundancy not working properly
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
collector group with redundancy not working properly
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-15-2021 06:32 AM
we have configured Panorama M200 in HA , configured managed collector with local log collector , configured collector group and added local log collector of both panorama, redundancy is enabled in collector group (log forwarding preference is not configured.
Above configuration we have done to store same logs on both local log collector and enable redundancy So if complete Pri M200 box failed , we will have same logs in Sec M200 local log collector.
But as per configuration logging is not happening properly on secondary panorama , there is a difference in system dis-space utilization
Also we sec panorama log collector not receiving any log ( as per our requirement and redundancy conifg secondaryM200 also should store the logs)
is there any configuration issue , or the output in sec m200 is normal ? how we can check same logs are store or not in sec M200 ?
We are able to see same logs in both M200 webgui , as per my understanding its because of collector group config .
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-15-2021 09:46 AM
We have check mark Enable log redundancy across collectors.
And Firewall is added to M200.
From FW CLI
show log-collector preference-list
Log Collector Preference List
Forward to all: No
Serial Number: 007307001xxx IP Address: 10.7.2.104 IPV6 Address: unknown
Serial Number: 007307001xxx IP Address: 10.7.2.103 IPV6 Address: unknown
fw send logs to Primary M200 and if it is down then it will send to another one.
Regards
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-15-2021 09:54 AM
Thanks for sharing the setting.
We have same setting only log forwarding preference list not configured as we want to forward logs to both local log collector.
I think theoretically , If redundancy is enabled no point of creating log forwarding preference list as logs getting stored in both managed collectors.
Please correct me if I am wrong.
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-15-2021 10:00 AM
you need preference list as if one log collector dies then firewall will not send logs to another collector in preference list.
Also you will get system alert emails that fw has lost connection to log collector.
Regards
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-23-2021 05:00 PM
Also you can see logs on secondary Panorama by show log traffic command from CLI.
Regards
- Log collectors Incoming logs per second capacity in General Topics
- Please help with log collectors and collector groups in Panorama mode! in General Topics
- Ingest Logs from Cisco ISE to Cortex XDR in Cortex XDR Discussions
- want to add third panorama in collector group for logging in Panorama Discussions
- Device Log Forwarding CLI in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
