Which Panorama feature protects logs against data loss if a Panorama server fails?
Which Panorama feature protects logs against data loss if a Panorama server fails?
Panorama Collector Group with Log Redundancy ensures that no logs are lost if a server fails inside the Collector Group. This feature allows each log to have two copies, with each copy stored on a different Log Collector within the group. If one Log Collector becomes unavailable, the logs are still accessible from the other Log Collector, thus preventing data loss in case of a failure.
Redundancy ensures that no logs are lost if any one Log Collector becomes unavailable. https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-log-collection/manage-collector-groups/configure-a-collector-group
You're right should be A, not sure why I chose B before
A is correct as per url above. "Log redundancy is available only if each Log Collector has the same number of logging disks." (Recommended) Enable log redundancy across collectors if you are adding multiple Log Collectors to a single Collector group. Redundancy ensures that no logs are lost if any one Log Collector becomes unavailable. Each log will have two copies and each copy will reside on a different Log Collector. For example, if you have two Log Collectors in the collector group the log is written to both Log Collectors. Enabling redundancy creates more logs and therefore requires more storage capacity, reducing storage capability in half. When a Collector Group runs out of space, it deletes older logs. Redundancy also doubles the log processing traffic in a Collector Group, which reduces its maximum logging rate by half, as each Log Collector must distribute a copy of each log it receives.
Updated URL https://docs.paloaltonetworks.com/panorama/11-0/panorama-admin/manage-log-collection/manage-collector-groups/configure-a-collector-group
https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/panorama-overview/centralized-logging-and-reporting/caveats-for-a-collector-group-with-multiple-log-collectors#:~:text=Enable%20log%20redundancy%20when%20you%20Configure%20a%20Collector%20Group.%20This%20ensures%20that%20no%20logs%20are%20lost%20if%20any%20one%20Log%20Collector%20in%20the%20Collector%20Group%20becomes%20unavailable.%20Each%20log%20will%20have%20two%20copies%20and%20each%20copy%20will%20reside%20on%20a%20different%20Log%20Collector.
https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-log-collection/manage-collector-groups/configure-a-collector-group
A is correct. For people opting for D, Panorama HA ensure log *collection* redundancy but doesnt provide redundancy for log data that has already been collected.
A https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/panorama-overview/centralized-logging-and-reporting/caveats-for-a-collector-group-with-multiple-log-collectors#:~:text=Enable%20log%20redundancy%20when%20you%20Configure%20a%20Collector%20Group.%20This%20ensures%20that%20no%20logs%20are%20lost%20if%20any%20one%20Log%20Collector%20in%20the%20Collector%20Group%20becomes%20unavailable.%20Each%20log%20will%20have%20two%20copies%20and%20each%20copy%20will%20reside%20on%20a%20different%20Log%20Collector.
https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/panorama-high-availability/logging-considerations-in-panorama-ha
I agree!
I don't think Palo Alto firewalls in high availability (HA) mode synchronize log files. I think the HA is just to sync configuration and state table.
D is reasonable and applies even if there is no collector group "Setting up Panorama in an HA configuration provides redundancy for log collection. Because the managed firewalls are connected to both Panorama peers over SSL, when a state change occurs, each Panorama sends a message to the managed firewalls. The firewalls are notified of the Panorama HA state and can forward logs accordingly." https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/panorama-high-availability/logging-considerations-in-panorama-ha
from the same URL "By default, when the managed firewalls cannot connect to Panorama, they buffer the logs; when the connection is restored, they resume sending logs from where it was last left off."
Setting up Panorama in an HA configuration provides redundancy for log collection. https://docs.paloaltonetworks.com/panorama/11-0/panorama-admin/panorama-high-availability/logging-considerations-in-panorama-ha
A is true, but the question is if Panorama fails, not if a log collector fails. You can't have panorama and log collectors in the same collector group. If you have dedicated collector groups then panorama failing will not affect log collection. Setting up Panorama in an HA configuration provides redundancy for log collection. Because the managed firewalls are connected to both Panorama peers over SSL, when a state change occurs, each Panorama sends a message to the managed firewalls. The firewalls are notified of the Panorama HA state and can forward logs accordingly. https://docs.paloaltonetworks.com/panorama/11-0/panorama-admin/panorama-high-availability/logging-considerations-in-panorama-ha
When you configure a Collector Group with Log Redundancy in Panorama, it ensures that log data is stored redundantly across multiple Collector Log Servers within the Collector Group. This redundancy ensures that log data is preserved even if one of the servers within the Collector Group fails. This feature is crucial for log data integrity and availability in case of server failures.
A according to this one https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/panorama-overview/centralized-logging-and-reporting/caveats-for-a-collector-group-with-multiple-log-collectors
https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/manage-log-collection/manage-collector-groups/configure-a-collector-group
Option A Redundancy ensures that no logs are lost if any one Log Collector becomes unavailable. Each log will have two copies and each copy will reside on a different Log Collector. For example, if you have two Log Collectors in the collector group the log is written to both Log Collectors. https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-log-collection/manage-collector-groups/configure-a-collector-group
A If you select this option, each log in the Collector Group will have two copies and each copy will reside on a different Log Collector. This redundancy ensures that, if any one Log Collector becomes unavailable, no logs are lost: you can see all the logs forwarded to the Collector Group and run reports for all the log data. Log redundancy is available only if the Collector Group has multiple Log Collectors and each Log Collector has the same number of disks. Log redundancy applies only to newly ingested logs after the setting is enabled and not to existing logs. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-web-interface-help/panorama-web-interface/panorama-collector-groups/collector-group-configuration#id763001e8-ea88-4223-99bc-7d3604b8defe
I can't find anything about a Panorama "Cluster". Their is Panorama HA pair but not Cluster. SO I think any answer referring to a Panorama Cluster is wrong.
Think its B "(Recommended) Enable log redundancy across collectors if you are adding multiple Log Collectors to a single Collector group. Redundancy ensures that no logs are lost if any one Log Collector becomes unavailable. Each log will have two copies and each copy will reside on a different Log Collector. For example, if you have two Log Collectors in the collector group the log is written to both Log Collectors."