Educause Security Discussion mailing list archives
Re: [EXTERNAL] [SECURITY] Palo Alto Panorama Logging
From: "Bradley, Stephen" <bradlesw () MIAMIOH EDU>
Date: Fri, 28 Apr 2017 10:17:15 -0400
You must run your Panorama in Panorama mode (yeah it sounds funny). If it says legacy mode on the dashboard (gen info window) then it is the old version compatibility.

Once you go to 8 you can't go back without losing all your logs according to our SE.

Also, if running the VM version of Panorama there is a significant increase in the VM requirements.

steve

On Fri, Apr 28, 2017 at 10:11 AM, Brandon Dixon <bdixon2 () murraystate edu> wrote:

Thanks for all the responses. We recently upgraded to 8.x but did not see a significant performance improvement while still having some of the same issues.

On 4/28/2017 8:14 AM, Klein Keane, Justin wrote:

Hello,

We’ve had great luck just sending Palo logs off via syslog to an external host and doing analysis in Splunk or a free ELK server, or even just OSSEC. Panorama can be really slow and unresponsive and is essentially a passive tool.

Cheers,

Justin C. Klein Keane, MA MCIT CEPT C|EH
Security Architect
Enterprise Architecture and Security
Main Line Health Information Technology
https://www.mainlinehealth.org/
klein_keanej () mlhs org
484-596-2203

From: Brandon Dixon <bdixon2 () MURRAYSTATE EDU>
Sent: Thursday, April 27, 2017 5:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [EXTERNAL] [SECURITY] Palo Alto Panorama Logging

We have been running Palo Alto's Panorama central management & logging platform for a little over a year now. We have a couple of 10Gb firewalls and a 1Gb firewall that it manages and collects logs from. We've had issues since we set it up that we've been working with TAC to try and resolve and have not been able to. But even despite those, I find the log search to be pretty weak and cumbersome when it comes to trying to track down a specific log file.

My question is, for those who run Panorama, are you using anything alongside Panorama to collect/analyze/search the logs from it? If so, do you bother giving Panorama a large amount of storage?

--
Brandon Dixon
Network Engineer
Information Systems
Murray State University
Phone: (270) 809-3694
Fax: (270) 809-3465

MSU Information Systems staff will never ask for your password or other confidential information via email.

--
Puppy---Monkey---Baby
Stephen W. Bradley CISSP GNFA GCFA GCIH GWAPT SSCP
Senior Security Engineer
Miami University IT Services
bradlesw () miamioh edu
513-529-1809

Current thread:
- Palo Alto Panorama Logging Brandon Dixon (Apr 27)
- Re: Palo Alto Panorama Logging Bradley, Stephen (Apr 27)
- Re: Palo Alto Panorama Logging JR Ramirez (Apr 27)
- Re: Palo Alto Panorama Logging Everett, Alex D (Apr 27)
- Re: Palo Alto Panorama Logging JR Ramirez (Apr 27)
- Re: Palo Alto Panorama Logging Nathaniel Hall (Apr 27)
- Re: [EXTERNAL] [SECURITY] Palo Alto Panorama Logging Klein Keane, Justin (Apr 28)
- Re: [EXTERNAL] [SECURITY] Palo Alto Panorama Logging Brandon Dixon (Apr 28)
- Re: [EXTERNAL] [SECURITY] Palo Alto Panorama Logging Bradley, Stephen (Apr 28)
- Re: [EXTERNAL] [SECURITY] Palo Alto Panorama Logging Brandon Dixon (Apr 28)
- Re: [EXTERNAL] [SECURITY] Palo Alto Panorama Logging Bradley, Stephen (Apr 28)
- Re: [EXTERNAL] [SECURITY] Palo Alto Panorama Logging Brandon Dixon (Apr 28)
- Re: Palo Alto Panorama Logging Bradley, Stephen (Apr 27)