Re: [EXTERNAL] [SECURITY] Palo Alto Panorama Logging

["Bradley, Stephen" <bradlesw () MIAMIOH EDU>]

You must run your Panorama in Panorama mode (yeah it sounds funny).  If it
says legacy mode on the dashboard (gen info window) then it is the old
version compatibility.

Once you go to 8 you can't go back without losing all your logs according
to our SE.

Also, if running the VM version of Panorama there is a significant increase
in the VM requirements.

steve

On Fri, Apr 28, 2017 at 10:11 AM, Brandon Dixon <bdixon2 () murraystate edu>
wrote:

> Thanks for all the responses.  We recently upgraded to 8.x but did not see
> a significant performance improvement while still having some of the same
> issues.
>
> On 4/28/2017 8:14 AM, Klein Keane, Justin wrote:
>
> Hello,
>
>
>
>   We’ve had great luck just sending Palo logs off via syslog to an
> external host and doing analysis in Splunk or a free ELK server, or even
> just OSSEC.  Panorama can be really slow and unresponsive and is
> essentially a passive tool.
>
>
>
> Cheers,
>
>
>
> Justin C. Klein Keane, MA MCIT CEPT C|EH
> Security Architect
> Enterprise Architecture and Security
> Main Line Health Information Technology
> https://www.mainlinehealth.org/
> klein_keanej () mlhs org
> 484-596-2203 <(484)%20596-2203>
>
>
>
> *From: *Brandon Dixon <bdixon2 () MURRAYSTATE EDU>
> *Sent: *Thursday, April 27, 2017 5:02 PM
> *To: *SECURITY () LISTSERV EDUCAUSE EDU
> *Subject: *[EXTERNAL] [SECURITY] Palo Alto Panorama Logging
>
>
>
> We have been running Palo Alto's Panorama central management & logging
> platform for a little over a year now.  We have a couple of 10Gb
> firewalls and a 1Gb firewall that it manages and collects logs from.
> We've had issues since we set it up that we've been working with TAC to
> try and resolve and have  not been able to.  But even despite those, I
> find the log search to be pretty weak and cumbersome when it comes to
> trying to track down a specific log file.
>
> My question is, for those who run Panorama, are you using anything
> alongside Panorama to collect/analyze/search the logs from it?  If so,
> do you bother giving Panorama a large amount of storage?
>
> --
> Brandon Dixon
> Network Engineer
> Information Systems
> Murray State University
> Phone: (270) 809-3694
> Fax:   (270) 809-3465
>
>
>
> MSU Information Systems staff will never ask for your password or other
> confidential information via email.
>
>
>
>
> --
> Brandon Dixon
> Network Engineer
> Information Systems
> Murray State University
> Phone: (270) 809-3694
> Fax:   (270) 809-3465
>
>
>
> MSU Information Systems staff will never ask for your password or other confidential information via email.


-- 
Puppy---Monkey---Baby

Stephen W. Bradley CISSP GNFA GCFA GCIH GWAPT SSCP
Senior Security Engineer
Miami University
IT Services
bradlesw () miamioh edu
513-529-1809