Logs from secondary Panorama

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Logs from secondary Panorama

L0 Member

Hello Team,

 

We are having two panorama's configured in HA. As of now all the traffic is been handled by Primary Panorama and secondary is on handby. Now can we use the secondary panorama for log collection to decrease the CPU on primary?

 

if so kindly let us know how ? 

1 REPLY 1

Cyber Elite
Cyber Elite

Thank you for the post @Goutham

 

the scenario you mentioned is described in this KB: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HBw7CAG&lang=en_US%E2%80%A... Please refer to section: Collector Group Preference List

 

In nutshell, you will have to make sure that both log collectors (Primary and Secondary Panorama) are in the same log collector group, then you can configure log forwarding preference. Under log forwarding preference, you can for example split all your Firewalls into two lists. First half of the Firewalls will be ingesting logs by Primary Panorama (Secondary Panorama can be second in the list in the case Primary one is down). The second half of Firewalls will be ingesting logs by Secondary Panorama (Primary Panorama can be second in the list in the case Secondary one is down).

 

In this case, you decrease resource utilization on Primary Panorama by splitting load.

 

Here is a reference to documentation how to configure it: https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/manage-log-collection/manage-collecto...

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!