Educause Security Discussion mailing list archives

Re: [EXTERNAL] [SECURITY] Palo Alto Panorama Logging


From: Brandon Dixon <bdixon2 () MURRAYSTATE EDU>
Date: Fri, 28 Apr 2017 09:11:34 -0500

Thanks for all the responses. We recently upgraded to 8.x but did not see a significant performance improvement while still having some of the same issues.

On 4/28/2017 8:14 AM, Klein Keane, Justin wrote:

Hello,

We’ve had great luck just sending Palo logs off via syslog to an external host and doing analysis in Splunk or a free ELK server, or even just OSSEC. Panorama can be really slow and unresponsive and is essentially a passive tool.

Cheers,

Justin C. Klein Keane, MA MCIT CEPT C|EH
Security Architect
Enterprise Architecture and Security
Main Line Health Information Technology
https://www.mainlinehealth.org/
klein_keanej () mlhs org
484-596-2203

From: Brandon Dixon <bdixon2 () MURRAYSTATE EDU>
Sent: Thursday, April 27, 2017 5:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [EXTERNAL] [SECURITY] Palo Alto Panorama Logging

We have been running Palo Alto's Panorama central management & logging
platform for a little over a year now.  We have a couple of 10Gb
firewalls and a 1Gb firewall that it manages and collects logs from.
We've had issues since we set it up that we've been working with TAC to
try and resolve and have not been able to.  But even despite those, I
find the log search to be pretty weak and cumbersome when it comes to
trying to track down a specific log file.

My question is, for those who run Panorama, are you using anything
alongside Panorama to collect/analyze/search the logs from it?  If so,
do you bother giving Panorama a large amount of storage?

--
Brandon Dixon
Network Engineer
Information Systems
Murray State University
Phone: (270) 809-3694
Fax:   (270) 809-3465



MSU Information Systems staff will never ask for your password or other confidential information via email.



