Learning about Panorama and log collectors
To enable log forwarding to Panorama, the firewall must be connected to a Panorama server. This can be achieved by adding the Panorama IP via Device > Setup > Panorama Settings, as shown in the following screenshot:
Figure 1.3 – Panorama settings on the firewall
Once the firewall has established a connection with Panorama, Panorama sets its external logging destinations to what you specify in the collector group configuration.
As shown in the following screenshot, enabling Enable log redundancy across collectors will ensure each log entry has a copy on a different log collector in the same group. Enabling Forward to all collectors in the preference list will let PA-5200 and PA-7000 devices forward to all collectors in a preference list, managed by Panorama in a round-robin fashion. Otherwise, the default behavior is to send logs to the first available collector in the list:
Figure 1.4 – Collector Group general settings
In the Device Log Forwarding tab, you can select firewall devices and assign a list of collectors that they may send logs to. The first member of a collector group is the primary collector; firewalls will send their logs to this collector for as long as it is available, using the next collector down the list as a fallback collector for redundancy. In the following screenshot, we have two firewalls that have different preferences assigned for the two available collectors. The firewall called PANgurus will send logs to Panorama itself, while the RemoteLAB firewall will send logs to Collector. If one of the log destinations becomes unavailable, the firewalls will fall back to the second collector in the list:
Figure 1.5 – Device log forwarding
In the next section, we will review other useful log forwarding options.
