05-03-2021 06:02 AM
We have query regarding log collector group while upgrading Panorama M200 Ha pair from PANOS 9.1.6 to PANOS 10.0.5.
Is there any issue in log collector status or log forwarding to collector group ?
We have log collector group( with enable log redundancy) and local log collector of both panorama are added into same LC group in our production setup. HA and log collection config using management interface on both panorama.
We have tested Panorama HA upgrade from PANOS 9.1.6 to PANOS 10.0.5 on testing setup.(We couldn't configured LC in testing setup)
First we have upgraded Primary Panorama to Panos 10.0.5 , when it came up it went to non-functional state due to panos version mismatch. HA1 was up and secondary panorama became active.
To make the upgraded Primary panorama device functional had to suspend Secondary panorama. HA1 was up even after suspending Secondary panorama.
Is there any issue in log collection or LC status if we suspend secondary panorama
If yes, then logs should redistribute from LC1 (pri panorama ) to LC2 ( Sec panorama ) after making secondary panorama functional.
We want to keep production Sec Panorama in suspend state and want to monitor upgraded pri panorama for 7 days.
So after upgrading panorama after 7 days , LC2 of sec panorama should have some logs stored in its logging disks.
05-04-2021 02:12 PM - edited 05-04-2021 02:13 PM
hi @Deepak_K
a suspended panorama with log collector will still receive logs, so you can keep panorama suspended while the log collector will still technically work
but
since you have redistribute enabled/multiple collectors in the same group, they can not run different PAN-OS versions at the same time without risking log data loss: all log collectors in the same group must be upgraded at the same time
05-05-2021 03:05 AM
Thanks @reaper
In our case we have configured local log collector on primary and secondary panorama. And each log collector of panorama we have added in collector group and enabled redundancy, so is your statement applicable to this setup?
Our only concern is local log collector of secondary panorama should receive and store the logs in below conditions :
* Secondary panorama suspended
* Panorama version mismatch
Here we are upgrading only primary panorama , log collectors added in collector groups are local not dedicated hardware. So both log collector should not face any issue if panorama version is mismatched.
05-05-2021 06:39 AM
log collection during a suspended panorama will work, but in regards to upgrading:
all log collectors that are in the same collector group need to be upgraded at the same time, else you risk losing data
05-05-2021 08:11 AM
@reaper thanks again for answering my query.
Practically it's not possible to upgrade panorama HA pair at same time. Even if we try , there we be some difference in uptime.
So we will lose historical logs or the new incoming logs during version mismatch ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
