Palo Alto Networks Knowledgebase: How to Configure an M-100 to Function as Both a Log Collector and Panorama

Created On 02/07/19 23:55 PM - Last Updated 02/07/19 23:56 PM
Cortex Data Lake Panorama
Resolution

Overview

This document describes the steps to configure a Palo Alto Networks M-100 to function as both Panorama and Log Collector.

 

Steps

To configure Panorama to manage devices, follow the instructions below:

  1. Navigate to Panorama > Managed Devices
  2. Click 'Add' to add devices that will be managed by the M-100
  3. Navigate to Panorama > Device Groups
  4. Click 'Add' to create a device group
  5. Add the device into the group

Note: The devices can be managed the same way as other Panorama deployments.

 

To configure the Log Collector functionality, follow the instructions below:

  1. Add the M-100 as the collector
    1. Go to Panorama > Managed Collectors
    2. Enter the Serial Number (S/N) of the M-100 into the Collector S/N field
      Note: The S/N and hostname for this example are 009201000347 and panomgmt-a
    3. Perform a local commit before adding the disk from the Disks tab. Otherwise, you won't be able to see it.
    4. Under Panorama > Managed Collectors > Disks tab, define the RAID 1 disk pair that will be used to store logs.

      Note: Additional disk pairs can be added as needed to expand storage capacity. By default, the M-100 is shipped with the first RAID 1 pair enabled with drives installed in bays A1 and A2. To set up RAID, issue the request system raid add command from the CLI:
      > request system raid add A1
      Executing this command may delete all data on the drive being added.
      Do you want to continue? (y or n)

      > request system raid add A2
      Executing this command may delete all data on the drive being added.
      Do you want to continue? (y or n)
  2. Perform a local commit on the Panorama
  3. Configure Log Collection
    1. Navigate to Panorama > Collector Groups
    2. Go to the Log Forwarding tab
    3. Under collectors, add the M-100 hostname
      Note: This adds the M-100 into its own configuration
    4. Under Log forwarding preferences, add the device from which the log needs to be forwarded
  4. Perform a local commit on the Panorama
  5. Perform a Collector Group commit
    Note: If you skip step 5, you will see this error: "Ring version mismatch."

The Collector should appear connected and the Configuration Status field should be "In sync".

Note: If step 5 is not performed, the Collector Configuration state will be "Out of sync".

Note: When viewing the disk space of the system, show system logdb-quota does not display the usage of the RAID disks. The command displays only the statistics of logs on the SSD. To configure or check the log quota settings of the RAID disks, go to Panorama > Collector Groups > (name of the Collector Group) > General tab and select the link next to Log Storage.

 

See Also

M-100 Log Collector Configuration

How to Change the Operational Mode from Log Collector to Panorama on the M-100 Device

 

owner: sraghunandan


