Configuring a Dedicated Logging Port in Maestro
The logging mechanism on each Security Group Member in Security Groups forwards the logs directly to a dedicated Log Server over the Quantum Maestro Orchestrator's management port assigned to this Security Group.
However, the Quantum Maestro Orchestrator's management ports can experience a high load when Security Group Members generate a large number of logs.
To reduce the load on the Quantum Maestro Orchestrator's management ports:
-
Assign a dedicated Quantum Maestro Orchestrator port of type
managementto a Security Group for logging -
Configure the Security Group to send the logs to the dedicated Log Server
Topology:
[Management Server](some interface) <===> (management port 1 on Quantum Maestro Orchestrator)[Security Group]
[Management Server](some interface) <===> (interface 1) [Log Server] (interface 2) <===> (management port 2 on Quantum Maestro Orchestrator)[Security Group]
Procedure:
|
Step |
Instructions |
||
|---|---|---|---|
|
1 |
Install a dedicated Log Server:
|
||
|
2 |
On the Quantum Maestro Orchestrator, assign the dedicated port of type |
||
|
3 |
In the Gaia OS of the Security Group, configure in Gaia gClish the dedicated management port. Syntax:
Example:
Note - You must assign an IPv4 address from the same subnet as assigned to the dedicated interface on the Log Server, which connects to the Quantum Maestro Orchestrator. |
||
|
4 |
In SmartConsole, configure the Security Group object to send its logs to the dedicated Log Server. See the applicable Logging and Monitoring Administration Guide > Chapter Getting Started > Section Deploying Logging Section - Subsection Configuring the Security Gateways for Logging. |
|
|
Note - The SMO makes sure that return traffic from the Log Server reaches the correct Security Group Member in the Security Group. |
