10-15-2021 09:24 AM
Hi All,
I am curious to know which technology is using in Panoroma logging disk to store the logs or disaster recovery. I have added 6TB virtual disk in panoroma now it is showing DiskA, DiskB, DiskC,DiskD, DiskE. If any one Disk get faulty how data will get from the faulty disk.
10-15-2021 06:39 PM
Thank you for quick reply @rajendra-kumar
All disks will be used and logs will be distributed among all of them.
Regarding data on faulty disk, I can only speak for my own experience when I lost one of the log collectors (Enable log redundancy across collectors was not enabled). I could still search data that resided on other log collector, but not on faulty one. Since I was not aware what logs were located on the log collector that was not online at that time depending on the log I queried I was getting incomplete log search. I assume the same will happen if you lose a single disk. You will not be able to get logs from faulty disk.
Regarding what you mentioned with single log collector in log collector group, it seems like you did not configure local log collector on your Panorama passive node. Could you please make sure you added local log collector (The link is for M-100, but concept is the same): https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMTXCA4 Then you should be able to add additional log collector to existing log collector group from: Panorama > Collector Groups > [Log Collector Group Name] > Add. After this step the option: "Enable log redundancy across collectors" will work.
Kind Regards
Pavel
10-15-2021 03:34 PM - edited 10-15-2021 03:34 PM
Thank you for posting question @rajendra-kumar
Regardless of the appliance (M-100, M200, M500, M-600) RAID1 is used. Each of the Disk Pair has assigned 2 disks that are mirrored. For example, Disk Pair A is consisting of: Disk id A1 and Disk id A2. In the case one disk fails, there is no data loss unless both of the disks in a single Disk Pair fail. The same applies to Disk Pair B, C, D, E...
In order to verify the disk pair assignment and its status issue: show system raid detail
Kind Regards
Pavel
10-15-2021 03:49 PM
We are using Panoroma in vm-mode: VMware ESXi, which technology is using on this for hard disk.
10-15-2021 04:44 PM
Thank you for quick reply @rajendra-kumar
I see. When it comes to VM series of Panorama, I do not believe the same concept of RAID is applied as for M series appliances. Since it is a virtual disk, the disk itself should not fail. If you can see the newly added virtual disk under: "show system disk details" with status: "Present" and admin state: "Enabled" there is no other step required to add disk than to add it to Log Collector.
If you are concerned about log redundancy, then the solution to address this issue is described in this link: https://docs.paloaltonetworks.com/panorama/10-0/panorama-admin/manage-log-collection/log-collection-...
In nutshell, you build one more Panorama VM appliance with identical specification, built HA and for logging part you enable: "Enable log redundancy across collectors" under Log Collector Group. If you select this option, each log in the Collector Group will have two copies and each copy will reside on a different Log Collector. This redundancy ensures that, if any one Log Collector becomes unavailable, no logs are lost.
Kind Regards
Pavel
10-15-2021 05:48 PM
Ok, I got your point, still have one query that in panoroma log collector we have 4 logging disk (DiskA, DiskB, DiskC,DiskD, DiskE) How the logs are stared.
I mean to say is it save first Disk A then B then C so on or it will distribute among all disk.
If it will distribute then what impact if any one disk will fail or faulty, can we get those logs from faulty.
Can you please recommend, I have Panoroma in Active/passive state. In collector group only one collector is there with out Enable log redundancy across collectors.
10-15-2021 06:39 PM
Thank you for quick reply @rajendra-kumar
All disks will be used and logs will be distributed among all of them.
Regarding data on faulty disk, I can only speak for my own experience when I lost one of the log collectors (Enable log redundancy across collectors was not enabled). I could still search data that resided on other log collector, but not on faulty one. Since I was not aware what logs were located on the log collector that was not online at that time depending on the log I queried I was getting incomplete log search. I assume the same will happen if you lose a single disk. You will not be able to get logs from faulty disk.
Regarding what you mentioned with single log collector in log collector group, it seems like you did not configure local log collector on your Panorama passive node. Could you please make sure you added local log collector (The link is for M-100, but concept is the same): https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMTXCA4 Then you should be able to add additional log collector to existing log collector group from: Panorama > Collector Groups > [Log Collector Group Name] > Add. After this step the option: "Enable log redundancy across collectors" will work.
Kind Regards
Pavel
10-15-2021 06:54 PM
Hi Pavel,
Thank you very much for your quick response, really its great help for me.
Regards,
Rajendra
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
