05-05-2025 07:20 AM
Hello,
I have a Panorama that manage several clusters and I have one remote cluster that isn't managed but I would like to have the cluster log on Panorama just to have only 1 point to analyze the logs.
It's possible to configure a unmanaged cluster to send the log to Panorama?
05-05-2025 11:57 AM
Hi @Chris80 ,
You can configure an unmanaged fw to forward logs to your Panorama by creating a syslog server profile and entering your Panoramas management IP as the syslog server IP.
05-05-2025 10:58 PM - edited 05-06-2025 12:15 AM
Hi @JayGolf,
I don't have to change the Panorama conf to allow/accept the syslog flows coming from the unmanaged cluster?
Alternative scenario:
Instead of create a syslog on cluster it's possible to add the cluster under Panorama but not configure device-group and template and add only the conf that allow the cluster to send log to Panorama?
Chris
05-06-2025 03:44 PM
Hi @Chris80 ,
To clarify, it is technically possible to forward logs to the Panorama management IP using a syslog profile, but those logs won't show up in Panoramas monitor tab unless the device is licensed itself and is managed by Panorama.
I would go ahead and add the firewall as a managed device and proceed with your alternative scenario.
05-07-2025 11:19 PM
Hello,
So I should add the cluster as a managed device but not add it to any Template or Device-group to avoid cluster configuration change coming from Panorama, then configure syslog on the local conf of the cluster. After this two steps I will able to see the log on Panorama monitor tab as usual right?
05-16-2025 09:27 PM
Hello @Chris80
you will have to perform below steps.
1.)
Register Firewall to Panorama (Add Firewall's S/N + Authentication key).
2.)
Theoretically, it is not necessary to add Firewall to Device Group to get logs only, however I recall memory that logs did not show up until I associated Firewall with Device Group. Please test it first by not associating Firewall with Device Group. If logs do not show up after completing all the steps, please add Firewall to Device Group to see logs show up.
3.)
Add Firewall to log collector group by navigating to: Panorama > Collector Groups > [Log Collector Name] > Device Log Forwarding > Log > Forwarding Preference.
4.)
Commit configuration to Panorama and to log collector. If you do not push configuration to log collector group logs will not show up. To see the logs you do not have to push Device Group configuration, but if you have assigned Firewall to for example dummy Device Group with no actual configuration in it, the Firewall will be reporting out of sync status, however this should not prevent Firewall from sending logs to Panorama.
5.)
On Firewall side, in log forwarding profile select log Forwarding Method "Panorama" checkbox.
After completing all steps you should see Firewall logs coming without having Panorama managing Firewall configuration. There are a few things to keep in mind. If your Firewall and Panorama are using different Time/Time Zone logs might not show up in Panorama's GUI. Ideally you should sync time with the same NTP server.
Kind Regards
Pavel
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
