Log Collections - I am confused

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Log Collections - I am confused

L4 Transporter

Hi

 

Okay I have pa-5220 - cluster and a single pa-850 and 1 panoram vm.

 

I would like to see all the log that i see by logging into the individual fw on the panorama interface.

 

So do I need to setup panorama as a log collector or do I setup log forwarding on the devices to point to panorama.

 

I'm currently try this

https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/manage-log-collection...

 

came from 

https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/panorama-overview/cen...

 

 

But I also followed - before and unsuccessufly setup panorama as a log collector.  I have add a new HD and converted the vm into panoram mode. 

 

I have also removed the original drive as it has copied over all it needed.

 

But I didn't see any information under the monitor tab.

 

7 REPLIES 7

Hi @Alex_Samad

 

Just a quick question. Are you trying to set up the M-100 as Log Collector or the Panorama VM?

Notice that any platform can be a dedicated manager, but only M-Series can be a dedicated log collector.

 

Maybe these both articles will help you with some more information. I think it will be more interactive for you 🙂

 

https://live.paloaltonetworks.com/t5/Management-Articles/Panorama-Sizing-and-Design-Guide/ta-p/72181

 

https://live.paloaltonetworks.com/t5/Community-Blog/Upgrade-Panorama-logs-to-PAN-OS-8-0-FAQ/ba-p/154...

 

Let me know if it is useful.

Hi

 

Panorama VM into a Panorama and log Collector 

 

Panorama VMs cannot be configured as a dedicated log collector, as per the article I sent previously. For Log collectors you need the Panorama M-100 instead.

on the panorama cli there are some checks to see the disk status ... (which I fist have to find 😛 )

 

but you should also see some stats in the WebUI.

 

And then a few questions: Did you push the configuration to the local log collector? Did you reboot the vm since you added the disk and pushed the configuration (little unconventional I know, but this helped when I was in the same situation as you)?

For the panorama VM you'll need to create a log forwarding profile on each firewall and enable it in all the security policies you want to log on panorama

since you have a single panorama VM you don't need to worry about creating log collectors etc as this is reserved for the management hardware

 

2017-06-27_12-39-46.png

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hi

 

I have rebooted a few time

when i goto panorama / management / Logging and reporting settings my log storage is still only 13G ( I added a 300G HD)

But having said that when i goto  panorama / managed collectors and select panorama then disks I see Disk Pair A there which is the 300G disk

 

On the managed collectors page its in sync and connected but stats shows me all 0's

Hi

 

Yeap so on panorama I have a device group - that encompasses all my devices and on objects / log forwarding 

I have an entry with an entry for each type of log and filter is all and forward method is panorama 

 

and I have select a couple of key policies and attached the log forwarding config using the above ..

 

But sill nothing

  • 2977 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!