08-25-2021 06:25 AM
We have two panorama (M200) in HA with single collector group , local log collector of both panorama we have added in same collector group and enabled redundancy.
Due to low disk-space we want to add one more log collector. So there will be three log-collector in same LC group.
Can I add third LC ,( if Panorama in HA and already added LC's are part of same HA. This third panorama will be not part of HA.)?
How log will redistribute ?
Copy of log will store in all LC's or only in two LC's ? How redundancy will work ?
Please suggest suitable design.
08-25-2021 07:47 AM
Good Morning
Inside of your Collector Group, there is a check box for "Enable Log Redundancy across collectors", so the logs are seen across all LCs. This is what you will need to implement.
Thanks.
08-25-2021 07:47 AM
Good Morning
Inside of your Collector Group, there is a check box for "Enable Log Redundancy across collectors", so the logs are seen across all LCs. This is what you will need to implement.
Thanks.
08-25-2021 08:00 AM
Redundancy already enabled in current setup. Currently A location firewalls forwarding logs to primary panorama LC and B location firewalls to secondary panorama LC. Now in this setup if we add third LC, how redundancy will work and how we can make the changes in log forwarding preference.so both panorama storing copy in each other.
Let's say if from location A firewalls we have chooses to forward logs to new third LC from one firewall. how log copy will store in other LC..same copy will store in both LC ?
08-25-2021 08:08 AM - edited 08-25-2021 08:10 AM
Ok, let me see if I can explain better, as I want to confirm and clarify.
Most customers will have 2 virtual log collectors for their HA Panorama. Lets call them LC1 and LC2.
If you have LC1 and LC2 configured, you probably (recommended) to add both LC1 and LC2 into a Collector Group, Let's call this CG1.
Next, you have your FWs forwarding (really, if configured correctly) to CG1 (and NOT LC1 and LC2)... this is benefit of a CG... Now you have log redundancy configured, so if LC1 fails, you will have LC2 to also have the logs.
So if you add in LC3 (new one), you will be adding into CG1. Do your devices care? NO.. because there configured to communicate to CG1. So CG1 will have LC1, LC2, and LC3, with log redundancy.
Does this help?
08-25-2021 09:16 PM
Hi Steve,
Thank you for answer.
I understand , but as we have log forwarding preference..if LC1 receiving logs , duplicate copy will store in LC2 or in both (LC2 and LC3) ?
08-26-2021 11:32 AM
As I understand it... both.
01-18-2022 09:27 AM
Hi Steve,
How do we ponting to CG , not LC1 or LC2 ?
We are forwarding log to Panorama , Those are HA mode and LC1 is primary and LC2 is secondary Panorama and we have one CG.
01-18-2022 07:44 PM
Hi Deepak25,
Did you deploy 3rd LC in your environment?
Could you share your experience ? How could you deploy it and what's the benefit of 3rd LC ...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
