Log Collector Interface Settings
Table of Contents
Expand all | Collapse all
-
- Firewall Overview
- Features and Benefits
- Last Login Time and Failed Login Attempts
- Message of the Day
- Task Manager
- Language
- Alarms
- Commit Changes
- Save Candidate Configurations
- Revert Changes
- Lock Configurations
- Global Find
- Threat Details
- AutoFocus Intelligence Summary
- Configuration Table Export
- Change Boot Mode
-
- Objects > Addresses
- Objects > Address Groups
- Objects > Regions
- Objects > Dynamic User Groups
- Objects > Application Groups
- Objects > Application Filters
- Objects > Services
- Objects > Service Groups
- Objects > Devices
- Objects > External Dynamic Lists
- Objects > Custom Objects > Spyware/Vulnerability
- Objects > Custom Objects > URL Category
- Objects > Security Profiles > Antivirus
- Objects > Security Profiles > Anti-Spyware Profile
- Objects > Security Profiles > Vulnerability Protection
- Objects > Security Profiles > File Blocking
- Objects > Security Profiles > WildFire Analysis
- Objects > Security Profiles > Data Filtering
- Objects > Security Profiles > DoS Protection
- Objects > Security Profiles > Mobile Network Protection
- Objects > Security Profiles > SCTP Protection
- Objects > Security Profile Groups
- Objects > Log Forwarding
- Objects > Authentication
- Objects > Packet Broker Profile
- Objects > Schedules
-
-
- Firewall Interfaces Overview
- Common Building Blocks for Firewall Interfaces
- Common Building Blocks for PA-7000 Series Firewall Interfaces
- Tap Interface
- HA Interface
- Virtual Wire Interface
- Virtual Wire Subinterface
- PA-7000 Series Layer 2 Interface
- PA-7000 Series Layer 2 Subinterface
- PA-7000 Series Layer 3 Interface
- Layer 3 Interface
- Layer 3 Subinterface
- Log Card Interface
- Log Card Subinterface
- Decrypt Mirror Interface
- Aggregate Ethernet (AE) Interface Group
- Aggregate Ethernet (AE) Interface
- Network > Interfaces > VLAN
- Network > Interfaces > Loopback
- Network > Interfaces > Tunnel
- Network > Interfaces > SD-WAN
- Network > Interfaces > PoE
- Network > Interfaces > Cellular
- Network > Interfaces > Fail Open
- Network > VLANs
- Network > Virtual Wires
-
- Network > Routing > Logical Routers > General
- Network > Routing > Logical Routers > Static
- Network > Routing > Logical Routers > OSPF
- Network > Routing > Logical Routers > OSPFv3
- Network > Routing > Logical Routers > RIPv2
- Network > Routing > Logical Routers > BGP
- Network > Routing > Logical Routers > Multicast
-
- Network > Routing > Routing Profiles > BGP
- Network > Routing > Routing Profiles > BFD
- Network > Routing > Routing Profiles > OSPF
- Network > Routing > Routing Profiles > OSPFv3
- Network > Routing > Routing Profiles > RIPv2
- Network > Routing > Routing Profiles > Filters
- Network > Routing > Routing Profiles > Multicast
- Network > Proxy
-
- Network > Network Profiles > GlobalProtect IPSec Crypto
- Network > Network Profiles > IPSec Crypto
- Network > Network Profiles > IKE Crypto
- Network > Network Profiles > Monitor
- Network > Network Profiles > Interface Mgmt
- Network > Network Profiles > QoS
- Network > Network Profiles > LLDP Profile
- Network > Network Profiles > SD-WAN Interface Profile
- Network > Network Profiles > MACsec Profile
-
-
- Device > Setup
- Device > Setup > Management
- Device > Setup > Interfaces
- Device > Setup > Telemetry
- Device > Setup > Content-ID
- Device > Setup > WildFire
- Device > Setup > ACE
- Device > Setup > DLP
- Device > Log Forwarding Card
- Device > Config Audit
- Device > Administrators
- Device > Admin Roles
- Device > Access Domain
- Device > Authentication Sequence
- Device > IoT Security > DHCP Server Log Ingestion
- Device > Device Quarantine
-
- Security Policy Match
- QoS Policy Match
- Authentication Policy Match
- Decryption/SSL Policy Match
- NAT Policy Match
- Policy Based Forwarding Policy Match
- DoS Policy Match
- Routing
- Test Wildfire
- Threat Vault
- Ping
- Trace Route
- Log Collector Connectivity
- External Dynamic List
- Update Server
- Test Cloud Logging Service Status
- Test Cloud GP Service Status
- Device > Virtual Systems
- Device > Shared Gateways
- Device > Certificate Management
- Device > Certificate Management > Certificate Profile
- Device > Certificate Management > OCSP Responder
- Device > Certificate Management > SSL/TLS Service Profile
- Device > Certificate Management > SCEP
- Device > Certificate Management > SSL Decryption Exclusion
- Device > Certificate Management > SSH Service Profile
- Device > Response Pages
- Device > Server Profiles
- Device > Server Profiles > SNMP Trap
- Device > Server Profiles > Syslog
- Device > Server Profiles > Email
- Device > Server Profiles > HTTP
- Device > Server Profiles > NetFlow
- Device > Server Profiles > RADIUS
- Device > Server Profiles > SCP
- Device > Server Profiles > TACACS+
- Device > Server Profiles > LDAP
- Device > Server Profiles > Kerberos
- Device > Server Profiles > SAML Identity Provider
- Device > Server Profiles > DNS
- Device > Server Profiles > Multi Factor Authentication
- Device > Local User Database > Users
- Device > Local User Database > User Groups
- Device > Scheduled Log Export
- Device > Software
- Device > Dynamic Updates
- Device > Licenses
- Device > Support
- Device > Policy Recommendation > IoT
- Device > Policy > Recommendation SaaS
- Device > Policy Recommendation > IoT or SaaS > Import Policy Rule
-
- Device > User Identification > Connection Security
- Device > User Identification > Terminal Server Agents
- Device > User Identification > Group Mapping Settings
- Device > User Identification> Trusted Source Address
- Device > User Identification > Authentication Portal Settings
- Device > User Identification > Cloud Identity Engine
-
- Network > GlobalProtect > MDM
- Network > GlobalProtect > Clientless Apps
- Network > GlobalProtect > Clientless App Groups
- Objects > GlobalProtect > HIP Profiles
-
- Use the Panorama Web Interface
- Context Switch
- Panorama Commit Operations
- Defining Policies on Panorama
- Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode
- Panorama > Setup > Interfaces
- Panorama > High Availability
- Panorama > Firewall Clusters
- Panorama > Administrators
- Panorama > Admin Roles
- Panorama > Access Domains
- Panorama > Device Groups
- Panorama > Plugins
- Panorama > Log Ingestion Profile
- Panorama > Log Settings
- Panorama > Server Profiles > SCP
- Panorama > Scheduled Config Export
- Panorama > Device Registration Auth Key
Log Collector Interface Settings
- Panorama > Managed Collectors > Interfaces
By default, Dedicated Log Collectors (M-Series appliances in
Log Collector mode) use the management (MGT) interface for management
traffic, log collection, and Collector Group communication. However,
Palo Alto Networks recommends that you assign separate interfaces
for log collection and Collector Group communication to reduce traffic
on the MGT interface. You can improve security by defining a separate
subnet for the MGT interface that is more private than the subnets
for the other interfaces. To use separate interfaces, you must first
configure them on the Panorama management server (see Device
> Setup > Management). The interfaces that are available
for log collection and Collector Group communication vary based
on the Log Collector appliance model. For example, the M-500 appliance
has the following interfaces: Ethernet1 (1Gbps), Ethernet2 (1Gbps),
Ethernet3 (1Gbps), Ethernet4 (10Gbps), and Ethernet5 (10Gbps).
To configure an interface, select the link and configure the
settings as described in the following table.
To complete the configuration of the MGT interface, you
must specify the IP address, the netmask (for IPv4) or prefix length
(for IPv6), and the default gateway. If you commit a partial configuration
(for example, you might omit the default gateway), you can access
the firewall or Panorama only through the console port for future
configuration changes.
Always commit a complete MGT interface
configuration. You cannot commit the configurations for other interfaces
unless you specify the IP address, the netmask (for IPv4) or prefix
length (for IPv6), and the default gateway.
Log Collector Interface
Settings | Description |
|---|---|
Eth1 / Eth2 / Eth3 / Eth4 / Eth5 | You must enable an interface to configure
it. The exception is the MGT interface, which is enabled by default. |
Speed and Duplex | Configure a data rate and duplex option
for the interface. The choices include 10Mbps, 100Mbps, 1Gbps, and
10Gbps (Eth4 and Eth5 only) at full or half duplex. Use the default auto-negotiate setting
to have the Log Collector determine the interface speed. This setting must match the interface settings
on the neighboring network equipment. |
IP Address (IPv4) | If your network uses IPv4 addresses, assign
an IPv4 address to the interface. |
Netmask (IPv4) | If you assigned an IPv4 address to the interface,
you must also enter a network mask (such as 255.255.255.0). |
Default Gateway (IPv4) | If you assigned an IPv4 address to the interface,
you must also assign an IPv4 address to the default gateway (the
gateway must be on the same subnet as the MGT interface). |
IPv6 Address/Prefix Length | If your network uses IPv6 addresses, assign
an IPv6 address to the interface. To indicate the netmask, enter
an IPv6 prefix length (such as 2001:400:f00::1/64). |
Default IPv6 Gateway | If you assigned an IPv6 address to the interface,
you must also assign an IPv6 address to the default gateway (the
gateway must be on the same subnet as the interface). |
MTU | Enter the maximum transmission unit (MTU)
in bytes for packets sent on this interface (range is 576 to 1,500;
default is 1,500). |
Device Log Collection | Enable the interface for collecting logs
from firewalls. For a deployment with high log traffic, you can
enable multiple interfaces to perform this function. This function
is enabled by default on the MGT interface. |
Collector Group Communication | Enable the interface for Collector Group
communication (the default is the MGT interface). Only one interface
can perform this function. |
Syslog Forwarding | Enable the interface for forwarding syslogs
(the default is the MGT interface). Only one interface can perform
this function. |
Network Connectivity Services | The Ping service
is available on any interface and enables you to test connectivity
between the Log Collector interface and external services. The
following services are available only on the MGT interface:
|
Permitted IP Addresses | Enter the IP addresses of the client systems
that can access the Log Collector through this interface. An
empty list (default) specifies that access is available to any client system. Palo Alto Networks recommends that you
do not leave this list blank; specify the client systems of Panorama
administrators (only) to prevent unauthorized access. |