Re: [EXTERNAL] [SECURITY] Palo Alto Panorama Logging

[Brandon Dixon <bdixon2 () MURRAYSTATE EDU>]

Yeah, I noticed the legacy mode setting.  When I read up on that, all I 
could find was legacy mode meant you stored the logs 'locally' versus on 
a separate collector.  I have a meeting with them today, I'll ask them 
more about what you've mentioned.  Thanks!

On 4/28/2017 9:17 AM, Bradley, Stephen wrote:
> You must run your Panorama in Panorama mode (yeah it sounds funny).  
> If it says legacy mode on the dashboard (gen info window) then it is 
> the old version compatibility.
>
> Once you go to 8 you can't go back without losing all your logs 
> according to our SE.
>
> Also, if running the VM version of Panorama there is a significant 
> increase in the VM requirements.
>
> steve
>
> On Fri, Apr 28, 2017 at 10:11 AM, Brandon Dixon 
> <bdixon2 () murraystate edu <mailto:bdixon2 () murraystate edu>> wrote:
>
>     Thanks for all the responses.  We recently upgraded to 8.x but did
>     not see a significant performance improvement while still having
>     some of the same issues.
>
>     On 4/28/2017 8:14 AM, Klein Keane, Justin wrote:
> >     Hello,
> >
> >       We’ve had great luck just sending Palo logs off via syslog to
> >     an external host and doing analysis in Splunk or a free ELK
> >     server, or even just OSSEC.  Panorama can be really slow and
> >     unresponsive and is essentially a passive tool.
> >
> >     Cheers,
> >
> >     Justin C. Klein Keane, MA MCIT CEPT C|EH
> >     Security Architect
> >     Enterprise Architecture and Security
> >     Main Line Health Information Technology
> >     https://www.mainlinehealth.org/ <https://www.mainlinehealth.org/>
> >     klein_keanej () mlhs org <mailto:klein_keanej () mlhs org>
> >     484-596-2203 <tel:%28484%29%20596-2203>
> >
> >     *From: *Brandon Dixon <mailto:bdixon2 () MURRAYSTATE EDU>
> >     *Sent: *Thursday, April 27, 2017 5:02 PM
> >     *To: *SECURITY () LISTSERV EDUCAUSE EDU
> >     <mailto:SECURITY () LISTSERV EDUCAUSE EDU>
> >     *Subject: *[EXTERNAL] [SECURITY] Palo Alto Panorama Logging
> >
> >     We have been running Palo Alto's Panorama central management &
> >     logging
> >     platform for a little over a year now.  We have a couple of 10Gb
> >     firewalls and a 1Gb firewall that it manages and collects logs from.
> >     We've had issues since we set it up that we've been working with
> >     TAC to
> >     try and resolve and have  not been able to.  But even despite
> >     those, I
> >     find the log search to be pretty weak and cumbersome when it
> >     comes to
> >     trying to track down a specific log file.
> >
> >     My question is, for those who run Panorama, are you using anything
> >     alongside Panorama to collect/analyze/search the logs from it? 
> >     If so,
> >     do you bother giving Panorama a large amount of storage?
> >
> >     -- 
> >     Brandon Dixon
> >     Network Engineer
> >     Information Systems
> >     Murray State University
> >     Phone: (270) 809-3694 <tel:%28270%29%20809-3694>
> >     Fax: (270) 809-3465 <tel:%28270%29%20809-3465>
> >
> >
> >
> >     MSU Information Systems staff will never ask for your password or
> >     other confidential information via email.
>
>     -- 
>     Brandon Dixon
>     Network Engineer
>     Information Systems
>     Murray State University
>     Phone:(270) 809-3694 <tel:%28270%29%20809-3694>
>     Fax:(270) 809-3465 <tel:%28270%29%20809-3465>
>
>       
>
>     MSU Information Systems staff will never ask for your password or other confidential information via email.
>
>
>
>
> --
> Puppy---Monkey---Baby
>
> Stephen W. Bradley CISSP GNFA GCFA GCIH GWAPT SSCP
> Senior Security Engineer
> Miami University
> IT Services
> bradlesw () miamioh edu <mailto:bradlesw () miamioh edu>
> 513-529-1809

--
Brandon Dixon
Network Engineer
Information Systems
Murray State University
Phone: (270) 809-3694
Fax:   (270) 809-3465

 

MSU Information Systems staff will never ask for your password or other confidential information via email.