Virtual Panorama Log Collector Setup


At the heart of my EVE-NG lab, I have two virtual Panorama appliances deployed using a KVM image which I wrote about in my previous two blogs. I'm using the default Panorama mode, which operates as a management server with local log collection capabilities, and uses a single virtual logging disk.

I'm going to walk through how I configured the log collector, so when I start managing PAN-OS firewalls I can configure the firewalls to send a copy of the logs to Panorama. Once I logged into the WebUI, I selected the Panorama tab and clicked on Managed Collectors.

I clicked Add at the bottom of the page, which opened a new window. Because the Collector is running locally on the Panorama appliance, I only had to paste the Panorama serial number into the box, click OK, and commit to Panorama.

In the commit status window, I got a warning saying there were no disks enabled on the log collector.

I clicked on the Collector name, selected the Disks tab, and clicked Add. In the drop-down, I chose Disk A and clicked OK.

With the new Log Collector configured and its status showing "Out of Sync", it was time for another Commit to Panorama before I could add the Log Collector to a new Log Collector Group.

I clicked on Collector Group on the left, clicked Add, selected the log collector in the drop-down, and clicked OK.

And then it was time for another Panorama Commit.

And finally, a Push to Devices, followed by a click on Edit Selections.

I selected Collector Groups, ticked the group, and clicked OK.

I then hit Push.

I could see the configuration had been sent to the Log Collector. I gave it a minute, refreshed the screen, and finally I could see the Log Collector was in sync.

A pretty straightforward process, and now I'm ready to send logs to Panorama from the managed firewalls.

For further information on Virtual Panorama Log Collectors, check the Palo Alto Networks website.