Panorama Local Collector HA - Redundancy - HA M-100 - Local Log Collector - Mode Panorama
Hello, good afternoon. As always, thank you very much for your great and valuable collaboration.
I have some doubts regarding the HA part of two log collectors, of two Panoramas that are in HA at the Panorama level.
In the Group Log Collector there are now these two M-100 Panoramas. I understand that to enable log redundancy, which is what we are looking for, in the Group Collector we enable the option "Enable log redundancy across collectors".
Now, thinking of an environment of 6 firewalls that currently all send their logs to the main M-100, what would be the best practice? So far the thinking is the following:
- Thinking about a better log load distribution, so that not only one of the M-100s receives and processes all the log load, the following is being considered:
Log forwarding preference list will be used:
3 firewalls will send their logs to Log Collector 1 and Log Collector 2 will be placed second in the list.
The other 3 firewalls will send their logs to Log Collector 2 and Log Collector 1 will be placed second in the list.
Then, at the Collector Group level, the option for redundancy will be applied, which is what we want to have, so that both Log Collectors have the same logs as each other.
Is this approach the correct one? I remain attentive to suggestions and advice regarding the points raised.
Thanks
Best regards
That sounds like the best way to set that up, yes :)