https://live.paloaltonetworks.com/t5/log-forwarding-discussions/while-integrating-panorama-with-siem-server-using-syslog-server/m-p/552214#M84 <LI-SPOILER><LI-SPOILER>While integrating panorama with SIEM server( using Syslog server profile ) for log forwarding from panorama to siem server facing system alert/log on panorama i.e “ panorama lost it is connection to peer, No logs will be forwarded ”<BR />Panorama version- 10.2.4<BR />Panorama is in HA but both peer have seperate log collector.&nbsp;<BR />Anyone has faced this same issue, please revert and help</LI-SPOILER> </LI-SPOILER><P>Panorama</P> Thu, 03 Aug 2023 19:46:50 GMT prathamesh_s 2023-08-03T19:46:50Z https://live.paloaltonetworks.com/t5/log-forwarding-discussions/while-integrating-panorama-with-siem-server-using-syslog-server/m-p/552214#M84 <LI-SPOILER><LI-SPOILER>While integrating panorama with SIEM server( using Syslog server profile ) for log forwarding from panorama to siem server facing system alert/log on panorama i.e “ panorama lost it is connection to peer, No logs will be forwarded ”<BR />Panorama version- 10.2.4<BR />Panorama is in HA but both peer have seperate log collector.&nbsp;<BR />Anyone has faced this same issue, please revert and help</LI-SPOILER> </LI-SPOILER><P>Panorama</P> Thu, 03 Aug 2023 19:46:50 GMT https://live.paloaltonetworks.com/t5/log-forwarding-discussions/while-integrating-panorama-with-siem-server-using-syslog-server/m-p/552214#M84 prathamesh_s 2023-08-03T19:46:50Z https://live.paloaltonetworks.com/t5/log-forwarding-discussions/while-integrating-panorama-with-siem-server-using-syslog-server/m-p/552267#M85 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/270268">@prathamesh_s</a>&nbsp;</P> <P>&nbsp;</P> <P>could you check logs from Panorama CLI to see it can give more details about root cause of the error:&nbsp;tail follow yes mp-log ms.log</P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel&nbsp;</P> Wed, 02 Aug 2023 22:53:28 GMT https://live.paloaltonetworks.com/t5/log-forwarding-discussions/while-integrating-panorama-with-siem-server-using-syslog-server/m-p/552267#M85 PavelK 2023-08-02T22:53:28Z https://live.paloaltonetworks.com/t5/log-forwarding-discussions/while-integrating-panorama-with-siem-server-using-syslog-server/m-p/552379#M86 <P><SPAN>Hi , have run that command</SPAN><BR /><SPAN>&nbsp;Output</SPAN><BR /><SPAN>Error: pan_comm_get_tcp_conn_gen (comm_utils.c:702 ) : COMM: connot connect. Remote ip= 172.24.*.* port=3978 err=connection timed out(110) sock 19</SPAN><BR /><SPAN>CMSA: Source bind sock to 172.20.*.*</SPAN><BR /><SPAN>COMM: Souce bind sock 19 to 172.20.*.* before connect to remote ip [172.24.*.*] &nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/45675">@port</a> 3978</SPAN><BR /><BR /><SPAN>Note* = panorama is in HA , passive panorama in remote location.&nbsp;</SPAN><BR /><SPAN>Active = 172.20.*.*</SPAN><BR /><SPAN>Passive= 172.24.*.*</SPAN><BR /><BR /><SPAN>Have run this command from active panorama&nbsp;</SPAN><BR /><BR /><SPAN>Please reply</SPAN></P> Thu, 03 Aug 2023 09:47:09 GMT https://live.paloaltonetworks.com/t5/log-forwarding-discussions/while-integrating-panorama-with-siem-server-using-syslog-server/m-p/552379#M86 prathamesh_s 2023-08-03T09:47:09Z https://live.paloaltonetworks.com/t5/log-forwarding-discussions/while-integrating-panorama-with-siem-server-using-syslog-server/m-p/552526#M87 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/270268">@prathamesh_s</a></P> <P>&nbsp;</P> <P>thank you for reply.</P> <P>&nbsp;</P> <P>Regarding the first screen shot, it looks like that there is a connectivity issue between Panorama and managed Firewall. There is a time out for TCP 3978, but eventually at the end of the log, there is a message that device has registered. To me it looks like WAN / Connectivity issue. Could you check this KB:&nbsp;<A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaWCAS" target="_self">Troubleshooting Panorama Connectivity</A>&nbsp;</P> <P>&nbsp;</P> <P>Regarding second screen shot with the error: "Panorama has lost...", it looks like a latency / connectivity issue between active and passive Panorama. The maximum recommended latency between both units should be below 500 ms. Here is a reference in documentation&nbsp;<A href="https://docs.paloaltonetworks.com/panorama/11-0/panorama-admin/panorama-high-availability/panorama-ha-prerequisites#id589e055b-37df-42b2-b710-0941ac00f993" target="_self">Doc</A>. Since you mentioned that passive Panorama is in remote location, I would try to adjust HA Timers&nbsp;<A href="https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/panorama-web-interface/panorama-high-availability" target="_self">Doc.</A></P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel&nbsp;</P> Fri, 04 Aug 2023 06:22:49 GMT https://live.paloaltonetworks.com/t5/log-forwarding-discussions/while-integrating-panorama-with-siem-server-using-syslog-server/m-p/552526#M87 PavelK 2023-08-04T06:22:49Z