<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Setting up log collection in Panorama in Panorama Discussions</title>
    <link>https://live.paloaltonetworks.com/t5/panorama-discussions/setting-up-log-collection-in-panorama/m-p/513348#M1092</link>
    <description>&lt;P&gt;After the restart of the logging process the connection status was reported as active, but I still wasn't seeing logs in Panorama. So I did a full restart of Panorama and now logs are showing!&lt;/P&gt;
&lt;P&gt;Thanks for your assistance.&lt;/P&gt;</description>
    <pubDate>Tue, 30 Aug 2022 09:40:59 GMT</pubDate>
    <dc:creator>alan-griffiths</dc:creator>
    <dc:date>2022-08-30T09:40:59Z</dc:date>
    <item>
      <title>Setting up log collection in Panorama</title>
      <link>https://live.paloaltonetworks.com/t5/panorama-discussions/setting-up-log-collection-in-panorama/m-p/513006#M1085</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Very new to Palo, just doing a PoC in AWS at the moment.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I've got Panorama and 2 VM-100 firewalls deployed. Trying to get traffic logs from the firewalls into Panorama. I've used the two links below to configure it:&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/manage-log-collection/log-collection-deployments/deploy-panorama-virtual-appliances-with-local-log-collectors" target="_blank"&gt;https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/manage-log-collection/log-collection-deployments/deploy-panorama-virtual-appliances-with-local-log-collectors&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/manage-log-collection/configure-log-forwarding-to-panorama" target="_self"&gt;https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/manage-log-collection/configure-log-forwarding-to-panorama&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Everything appears to be set up as per the documentation. Rules are logging, I can see them in the firewall GUI, but no logs appear in the Panorama GUI.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Any suggestions on further debug?&lt;/P&gt;</description>
      <pubDate>Thu, 25 Aug 2022 15:47:54 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/panorama-discussions/setting-up-log-collection-in-panorama/m-p/513006#M1085</guid>
      <dc:creator>alan-griffiths</dc:creator>
      <dc:date>2022-08-25T15:47:54Z</dc:date>
    </item>
    <item>
      <title>Re: Setting up log collection in Panorama</title>
      <link>https://live.paloaltonetworks.com/t5/panorama-discussions/setting-up-log-collection-in-panorama/m-p/513063#M1086</link>
      <description>&lt;P&gt;Hello&amp;nbsp;&lt;a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/232309"&gt;@alan-griffiths&lt;/a&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Since it is a new installation, it could be anything at this stage. To isolate the issue to either the Firewall or the Panorama side, could you please run the commands below and share the output:&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Firewall:&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;show log-collector preference-list&lt;/P&gt;
&lt;P&gt;show logging-status&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Panorama:&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;show logging-status device &amp;lt;serial number of Firewall&amp;gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Depending on the output from the above commands, I would set the next course of action. However, as a general note, make sure that the Firewall as well as Panorama are set to the same time/time zone:&amp;nbsp;&lt;A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClXACA0" target="_blank"&gt;https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClXACA0&lt;/A&gt;&amp;nbsp;and make sure that the Firewall is added to the log collector under: Panorama &amp;gt; Collector Groups &amp;gt; [Collector Name] &amp;gt; Device Log Forwarding &amp;gt; Devices &amp;gt; Modify &amp;gt; [Select Firewall] and press OK to apply. Do not forget to commit this change and push the configuration to the log collector under Commit &amp;gt; Push to Devices &amp;gt; Edit Selection &amp;gt; Collector Groups &amp;gt; [Collector Name] &amp;gt; OK.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Kind Regards&lt;/P&gt;
&lt;P&gt;Pavel&lt;/P&gt;</description>
      <pubDate>Thu, 25 Aug 2022 22:40:45 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/panorama-discussions/setting-up-log-collection-in-panorama/m-p/513063#M1086</guid>
      <dc:creator>PavelK</dc:creator>
      <dc:date>2022-08-25T22:40:45Z</dc:date>
    </item>
    <item>
      <title>Re: Setting up log collection in Panorama</title>
      <link>https://live.paloaltonetworks.com/t5/panorama-discussions/setting-up-log-collection-in-panorama/m-p/513103#M1087</link>
      <description>&lt;P&gt;On the firewall&lt;/P&gt;
&lt;LI-CODE lang="markup"&gt;admin@ip-10-201-50-52&amp;gt; show log-collector preference-list 

Log Collector Preference List
Forward to all: No
Serial Number: 000710009677 IP Address: 10.201.24.12 IPV6 Address: unknown

admin@ip-10-201-50-52&amp;gt; show logging-status


-----------------------------------------------------------------------------------------------------------------------------
      Type      Last Log Created        Last Log Fwded       Last Seq Num Fwded  Last Seq Num Acked         Total Logs Fwded
-----------------------------------------------------------------------------------------------------------------------------

Log Collector           :       CMS 0
Connection IP           :     lr-cms0
Conn Source IP          : lr - def
High speed mode         :    Disabled
Connection Status       : lr - Inactive
Rate                    :  0 logs/sec

      traffic         Not Available         Not Available                        0                   0                        0
       threat         Not Available         Not Available                        0                   0                        0
     hipmatch         Not Available         Not Available                        0                   0                        0
   gtp-tunnel         Not Available         Not Available                        0                   0                        0
         auth         Not Available         Not Available                        0                   0                        0
        iptag         Not Available         Not Available                        0                   0                        0
       userid         Not Available         Not Available                        0                   0                        0
         sctp         Not Available         Not Available                        0                   0                        0
   decryption         Not Available         Not Available                        0                   0                        0
       config         Not Available         Not Available                        0                   0                        0
       system         Not Available         Not Available                        0                   0                        0
globalprotect         Not Available         Not Available                        0                   0                        0


Log Collector           : 000710009677
Connection IP           : lr-10.201.24.12
Conn Source IP          : lr - def
High speed mode         :    Disabled
Connection Status       : lr - Inactive
Rate                    :  0 logs/sec

      traffic         Not Available         Not Available                        0                   0                        0
       threat         Not Available         Not Available                        0                   0                        0
     hipmatch         Not Available         Not Available                        0                   0                        0
   gtp-tunnel         Not Available         Not Available                        0                   0                        0
         auth         Not Available         Not Available                        0                   0                        0
        iptag         Not Available         Not Available                        0                   0                        0
       userid         Not Available         Not Available                        0                   0                        0
         sctp         Not Available         Not Available                        0                   0                        0
   decryption         Not Available         Not Available                        0                   0                        0
       config         Not Available         Not Available                        0                   0                        0
       system         Not Available         Not Available                        0                   0                        0
globalprotect         Not Available         Not Available                        0                   0                        0


Log Collector           :            
Connection IP           :     lr-cms1
Conn Source IP          : lr - def
High speed mode         :    Disabled
Connection Status       : lr - Inactive
Rate                    :  0 logs/sec

      traffic         Not Available         Not Available                        0                   0                        0
       threat         Not Available         Not Available                        0                   0                        0
     hipmatch         Not Available         Not Available                        0                   0                        0
   gtp-tunnel         Not Available         Not Available                        0                   0                        0
         auth         Not Available         Not Available                        0                   0                        0
        iptag         Not Available         Not Available                        0                   0                        0
       userid         Not Available         Not Available                        0                   0                        0
         sctp         Not Available         Not Available                        0                   0                        0
   decryption         Not Available         Not Available                        0                   0                        0
       config         Not Available         Not Available                        0                   0                        0
       system         Not Available         Not Available                        0                   0                        0
globalprotect         Not Available         Not Available                        0                   0                        0

&lt;/LI-CODE&gt;
&lt;P&gt;On the Panorama&lt;/P&gt;
&lt;LI-CODE lang="markup"&gt;admin@Panorama&amp;gt; show logging-status device 007955000324512

      Type            Last Log Rcvd        Last Seq Num Rcvd       Last Log Generated


Source IP         : Default
Destination IP    : Default
Source Daemon     : unknown
Connection Id      : 007955000324512
Log rate: 0
    config                      N/A                      N/A                      N/A
    system                      N/A                      N/A                      N/A
    threat                      N/A                      N/A                      N/A
   traffic                      N/A                      N/A                      N/A
  hipmatch                      N/A                      N/A                      N/A
gtp-tunnel                      N/A                      N/A                      N/A
    userid                      N/A                      N/A                      N/A
     iptag                      N/A                      N/A                      N/A
      auth                      N/A                      N/A                      N/A
      sctp                      N/A                      N/A                      N/A
decryption                      N/A                      N/A                      N/A
globalprotect                      N/A                      N/A                      N/A
&lt;/LI-CODE&gt;
&lt;P&gt;Regards timezone, I can confirm both Panorama and Firewalls are configured for Etc/UTC and synced with NTP.&lt;/P&gt;
&lt;P&gt;See attached screenshot for log collector group.&lt;/P&gt;</description>
      <pubDate>Fri, 26 Aug 2022 09:54:21 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/panorama-discussions/setting-up-log-collection-in-panorama/m-p/513103#M1087</guid>
      <dc:creator>alan-griffiths</dc:creator>
      <dc:date>2022-08-26T09:54:21Z</dc:date>
    </item>
    <item>
      <title>Re: Setting up log collection in Panorama</title>
      <link>https://live.paloaltonetworks.com/t5/panorama-discussions/setting-up-log-collection-in-panorama/m-p/513111#M1088</link>
      <description>&lt;P&gt;Thank you for the reply&amp;nbsp;&lt;a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/232309"&gt;@alan-griffiths&lt;/a&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Based on the output you provided, there is a connection issue. The connection status is "inactive".&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Could you please confirm the status of the Firewall in Panorama under: Panorama &amp;gt; Managed Devices &amp;gt; Summary. If the status is not connected, could you go through this KB:&amp;nbsp;&lt;A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaWCAS" target="_blank"&gt;https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaWCAS&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;If anything in the above KB provides a solution, could you check on the Firewall side from the CLI logs:&amp;nbsp;tail lines 500 mp-log ms.log&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Kind Regards&lt;/P&gt;
&lt;P&gt;Pavel&lt;/P&gt;</description>
      <pubDate>Fri, 26 Aug 2022 12:44:59 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/panorama-discussions/setting-up-log-collection-in-panorama/m-p/513111#M1088</guid>
      <dc:creator>PavelK</dc:creator>
      <dc:date>2022-08-26T12:44:59Z</dc:date>
    </item>
    <item>
      <title>Re: Setting up log collection in Panorama</title>
      <link>https://live.paloaltonetworks.com/t5/panorama-discussions/setting-up-log-collection-in-panorama/m-p/513113#M1089</link>
      <description>&lt;P&gt;Firewall is reported as connected and In Sync.&lt;/P&gt;
&lt;P&gt;Log is below&lt;/P&gt;
&lt;LI-CODE lang="markup"&gt;admin@ip-10-201-50-52&amp;gt; tail lines 500 mp-log ms.log 
2022-08-24 08:11:53.353 -0700 ===================== MS: start ======================
2022-08-24 08:11:53.355 -0700 MS: SSL lib initialized
2022-08-24 08:11:53.355 -0700 Warning:  pan_hash_init(pan_hash.c:113): nbuckets 2000 is not power of 2!
2022-08-24 08:11:53.355 -0700 Warning:  pan_hash_init(pan_hash.c:113): nbuckets 2000 is not power of 2!
2022-08-24 08:11:53.355 -0700 Warning:  pan_hash_init(pan_hash.c:113): nbuckets 2000 is not power of 2!
2022-08-24 08:11:53.355 -0700 MS: connection manager initialized
2022-08-24 08:11:53.370 -0700 sysd worker[0]: 7f1b944ff700: starting up...
2022-08-24 08:11:53.462 -0700 Error:  _glob_err_handler(pan_mgt_exec.c:552): Error occurred at /opt/pancfg/mgmt/saved-configs, (code : 2 ; message : No such file or directory)
2022-08-24 08:11:53.462 -0700 Error:  pan_sys_exec_expand_wildcard(pan_mgt_exec.c:573): get a read error
2022-08-24 08:11:53.462 -0700 Removing /tmp/.iddone in pan_cfg_remove_temporary_files
2022-08-24 08:11:53.482 -0700 Error:  pan_dir_create(pan_fs.c:301): failed to create dir /tmp/pan wih error 17
2022-08-24 08:11:53.689 -0700 succeed to initialize xslt security preference
2022-08-24 08:11:53.690 -0700 Not connected to sysd yet. Sleeping for 5 second..
2022-08-24 08:11:53.696 -0700 sysd worker[0]: 7f1b920f8700: starting up...
2022-08-24 08:11:53.696 -0700 sysd worker[0]: 7f1b938fd700: starting up...
2022-08-24 08:11:53.696 -0700 sysd worker[1]: 7f1b934fc700: starting up...
2022-08-24 08:11:53.696 -0700 sysd worker[2]: 7f1b930fb700: starting up...
2022-08-24 08:11:53.696 -0700 sysd worker[3]: 7f1b92cfa700: starting up...
2022-08-24 08:11:55.358 -0700 Sysd Event: SUCCESS
2022-08-24 08:11:55.690 -0700 Sysd Event: SUCCESS
2022-08-24 08:11:55.690 -0700 connected to sysd
2022-08-24 08:11:55.690 -0700 config manager:connected to sysd
2022-08-24 08:11:55.694 -0700 Management server started. Running version 10.1.6
2022-08-24 08:11:55.694 -0700 sw detail version 10.1.6
2022-08-24 08:11:55.695 -0700 Error:  _pan_cfg_parse_secure_conn_mgmt_settings(pan_sec_conn_parser.c:1220): File stats error: /opt/pancfg/mgmt/cms/ssl/pan_mgmt_secure_conn_cfg_current.xml
2022-08-24 08:11:55.695 -0700 Error:  pan_cfg_parse_secure_conn_mgmt_settings(pan_sec_conn_parser.c:1408): Failed to parse the secure connection settings
2022-08-24 08:11:55.695 -0700 Error:  pan_cfg_mgr_parse_secure_conn_settings(pan_cfg_mgr.c:47631): Failed to parse the secure conn settings for management.
2022-08-24 08:11:55.695 -0700 Error:  pan_cfg_mgr_construct_int(pan_cfg_mgr.c:33490): [Secure conn config parsing] Cannot parse the secure conn configuration.Please rectify the configuration and try again.
2022-08-24 08:11:55.695 -0700 Warning:  pan_log_proxy(pan_priv_log.c:269): Slog being proxied
2022-08-24 08:11:55.695 -0700 Initialized cfg mgr for management server
2022-08-24 08:11:55.811 -0700 MS: configuration manager initialized
2022-08-24 08:11:55.811 -0700 Error:  sc3_ca_exists(sc3_certs.c:221): SC3: Failed to get the current CA name.
2022-08-24 08:11:55.811 -0700 Warning:  sc3_init_sc3(sc3_utils.c:351): SC3: Failed to get the Current CC name
2022-08-24 08:11:55.811 -0700 Warning:  sc3_init_sc3(sc3_utils.c:373): SC3: No CSR present.
2022-08-24 08:11:56.863 -0700 Warning:  pan_log_proxy(pan_priv_log.c:269): Slog being proxied
2022-08-24 08:11:56.863 -0700 Warning:  sc3_init_sc3(sc3_utils.c:380): SC3: Device CSR set to 'b0e6bf7a-dad1-4f9f-8fac-74732a5554c6'
2022-08-24 08:11:56.863 -0700 SC3: CA: '', CC/CSR: 'b0e6bf7a-dad1-4f9f-8fac-74732a5554c6'
2022-08-24 08:11:56.863 -0700 SC3: initialized
2022-08-24 08:11:56.864 -0700 &amp;lt;vsys&amp;gt; tag does not exist
2022-08-24 08:11:56.864 -0700 Error:  pan_load_ca_subjects(pan_crl_ocsp.c:70): canot read the root ca file (/opt/pancfg/certificates/cac-ca-sec-4/0/HYUR1DNHrVKwag6)
2022-08-24 08:11:56.864 -0700 Error:  pan_load_ca_subjects(pan_crl_ocsp.c:70): canot read the root ca file (/opt/pancfg/certificates/cac-ca-sec-4/0/izx04OEwogJg1sk)
2022-08-24 08:11:56.864 -0700 Error:  pan_load_ca_subjects(pan_crl_ocsp.c:70): canot read the root ca file (/opt/pancfg/certificates/cac-ca-sec-4/0/vpHV88KjA7hIT3E)
2022-08-24 08:11:56.864 -0700 Error:  pan_load_ca_subjects(pan_crl_ocsp.c:70): canot read the root ca file (/opt/pancfg/certificates/cac-ca-sec-4/0/C6oXfQDCkIPA-xH)
2022-08-24 08:11:56.864 -0700 Error:  pan_load_ca_subjects(pan_crl_ocsp.c:70): canot read the root ca file (/opt/pancfg/certificates/cac-ca-sec-4/0/dEo21vgdxV2mYF8)
2022-08-24 08:11:56.864 -0700 Error:  pan_load_ca_subjects(pan_crl_ocsp.c:70): canot read the root ca file (/opt/pancfg/certificates/cac-ca-sec-4/0/Gy8z8lFWaN1qFjH)
2022-08-24 08:11:56.864 -0700 mgmt internal: client certificate profile commit
2022-08-24 08:11:56.865 -0700 DNS_API - dns_vsys_disabled: FALSE
2022-08-24 08:11:56.865 -0700 DNS_API - init dns_vsys_disabled: FALSE
2022-08-24 08:11:56.865 -0700 Constructed event manager (addr=0x55e732874500)
2022-08-24 08:11:56.867 -0700 Notifier created for management server, (addr=0x55e732842f00)
2022-08-24 08:11:56.867 -0700 Warning:  pan_hash_init(pan_hash.c:113): nbuckets 10000 is not power of 2!
2022-08-24 08:11:56.867 -0700 created thread pool(0x55e73286c480, 16)
2022-08-24 08:11:56.867 -0700 Error:  create_worker_threads(threadpool.c:27): thread pool configures with zero threads!
2022-08-24 08:11:56.867 -0700 created thread pool(0x55e73286c530, 0)
2022-08-24 08:11:56.867 -0700 Error:  create_worker_threads(threadpool.c:27): thread pool configures with zero threads!
2022-08-24 08:11:56.867 -0700 created thread pool(0x55e73286c5e0, 0)
2022-08-24 08:11:56.867 -0700 Non-blocking thread pool created for event manager, (addr=0x55e73286c480)
2022-08-24 08:11:57.030 -0700 MS: panorama module initialized
2022-08-24 08:11:57.030 -0700 MS: event manager initialized
2022-08-24 08:11:57.057 -0700 pan_lcsa_tcp_connect_pref_list: Created connect pref thread 
2022-08-24 08:11:57.064 -0700 MS: server address 7f000001 port:10000
2022-08-24 08:11:57.064 -0700 set TCP_NODELAY option on socket, port 10000
2022-08-24 08:11:57.064 -0700 Error:  tp_submit_srvr_fd_work(socksrvr.c:115): work(SRVR, 0x55e7328a02a0) submitted
2022-08-24 08:11:57.064 -0700 The max requests per client is set to 250 for server 10000 (fd=19)
2022-08-24 08:11:57.070 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:11:57.070 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:11:57.120 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:11:57.120 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:12:27.070 -0700 cmsa: agent index=0
2022-08-24 08:12:27.070 -0700 cmsa: agent index=1
2022-08-24 08:12:27.070 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:12:27.070 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:12:27.070 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:12:27.073 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:12:27.080 -0700 Warning:  pan_cmsa_mgmt_assign_ssl_ctx(src_panos/cms_agent.c:2353): client using default (legacy) context
2022-08-24 08:12:27.080 -0700 Warning:  pan_cmsa_mgmt_assign_ssl_ctx(src_panos/cms_agent.c:2353): client using default (legacy) context
2022-08-24 08:12:27.080 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:12:27.080 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:12:27.081 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:12:27.081 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:12:27.081 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:12:27.081 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:12:37.081 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:12:37.081 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:12:47.081 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:12:47.082 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:12:55.761 -0700 Error:  pan_secure_conn_load_ccp_from_file(pan_ssl_curl_utils.c:374): failed to open /opt/pancfg/mgmt/cms/ssl/ccp.txt
2022-08-24 08:12:55.761 -0700 pan_secure_conn_config_update_cb is called
2022-08-24 08:12:55.761 -0700 Error:  pan_secure_conn_config_update_cb(pan_ssl_curl_utils.c:457): pan_secure_conn__config_update_cb failed
2022-08-24 08:12:56.086 -0700 Error:  pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy configd: agent not connected, unable to broadcast to it
2022-08-24 08:12:56.086 -0700 Error:  pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy reportd: agent not connected, unable to broadcast to it
2022-08-24 08:12:56.086 -0700 Error:  pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy logrcvr: agent not connected, unable to broadcast to it
2022-08-24 08:12:56.086 -0700 Error:  pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy cord: agent not connected, unable to broadcast to it
2022-08-24 08:12:56.086 -0700 Error:  pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy esmonitor: agent not connected, unable to broadcast to it
2022-08-24 08:12:56.086 -0700 Error:  pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy useridd: agent not connected, unable to broadcast to it
2022-08-24 08:12:56.086 -0700 Error:  pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy distributord: agent not connected, unable to broadcast to it
2022-08-24 08:12:56.086 -0700 Error:  pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy iotd: agent not connected, unable to broadcast to it
2022-08-24 08:12:57.082 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:12:57.082 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:13:07.082 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:13:07.082 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:13:17.083 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:13:17.083 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:13:27.083 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:13:27.083 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:13:36.937 -0700 EM: Register request from iotd seq= 699
2022-08-24 08:13:36.937 -0700 Send registration response to iotd
2022-08-24 08:13:37.083 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:13:37.083 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:13:40.633 -0700 EM: Register request from useridd seq= 703
2022-08-24 08:13:40.633 -0700 Send registration response to useridd
2022-08-24 08:13:40.767 -0700 EM: Register request from distributord seq= 703
2022-08-24 08:13:40.767 -0700 Send registration response to distributord
2022-08-24 08:13:40.791 -0700 EM: Register request from reportd seq= 703
2022-08-24 08:13:40.791 -0700 Send registration response to reportd
2022-08-24 08:13:41.339 -0700 EM: Register request from logrcvr seq= 704
2022-08-24 08:13:41.339 -0700 Send registration response to logrcvr
2022-08-24 08:13:47.084 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:13:47.084 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:13:57.085 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:13:57.085 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:14:00.282 -0700 EM: Register request from configd seq= 723
2022-08-24 08:14:00.282 -0700 Add unkown device 1000000
2022-08-24 08:14:00.282 -0700 Send registration response to configd
2022-08-24 08:14:01.106 -0700 update client device info, n_entries=1 op=1
2022-08-24 08:14:01.106 -0700 Device info updated for client id 1000007 device_registered no
2022-08-24 08:14:07.085 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:14:07.085 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:14:17.085 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:14:17.085 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:14:27.086 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:14:27.086 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:14:37.086 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:14:37.086 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:14:47.087 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:14:47.087 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:14:57.087 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:14:57.087 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:15:07.088 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:15:07.088 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:15:17.089 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:15:17.089 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:15:27.089 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:15:27.089 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:15:37.089 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:15:37.089 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:15:44.329 -0700 &amp;lt;vsys&amp;gt; tag does not exist
2022-08-24 08:15:44.329 -0700 mgmt internal: client certificate profile commit
2022-08-24 08:15:44.329 -0700 No child nodes present under secure connection server mgmt settings, No updates needed.
2022-08-24 08:15:44.329 -0700 [secure_conn] extract secure_conn userid channel settings SERVER
2022-08-24 08:15:44.329 -0700 [secure_conn] user_id secure comm enabled for SERVER
2022-08-24 08:15:44.329 -0700 No child nodes present under secure connection client mgmt settings, No updates needed.
2022-08-24 08:15:44.329 -0700 [secure_conn] extract secure_conn userid channel settings CLIENT
2022-08-24 08:15:44.329 -0700 [secure_conn] user_id secure comm enabled for CLIENT
2022-08-24 08:15:44.330 -0700 [Secure conn config change] Dropping the connection with primary panorama
2022-08-24 08:15:44.330 -0700 [Secure conn config change] Dropping the connection with secondary panorama
2022-08-24 08:15:44.333 -0700 Error:  pan_secure_conn_load_ccp_from_file(pan_ssl_curl_utils.c:374): failed to open /opt/pancfg/mgmt/cms/ssl/ccp.txt
2022-08-24 08:15:44.333 -0700 pan_secure_conn_config_update_cb is called
2022-08-24 08:15:44.333 -0700 Error:  pan_secure_conn_config_update_cb(pan_ssl_curl_utils.c:457): pan_secure_conn__config_update_cb failed
2022-08-24 08:16:17.098 -0700 cmsa: agent index=0
2022-08-24 08:16:17.098 -0700 cmsa: agent index=1
2022-08-24 08:16:17.098 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:16:17.098 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:16:17.098 -0700 [Secure conn] Secure channel for Firewall to panorama communication not enabled for secure conn.
2022-08-24 08:16:17.101 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:16:17.101 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:16:17.101 -0700 [Secure conn] Secure channel for Firewall to panorama communication not enabled for secure conn.
2022-08-24 08:16:17.113 -0700 Warning:  pan_cmsa_mgmt_assign_ssl_ctx(src_panos/cms_agent.c:2353): client using default (legacy) context
2022-08-24 08:16:17.113 -0700 Warning:  pan_cmsa_mgmt_assign_ssl_ctx(src_panos/cms_agent.c:2353): client using default (legacy) context
2022-08-24 08:16:17.113 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:16:17.113 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:16:17.114 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:16:17.114 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:16:17.359 -0700 COMM: connection established. sock=28 remote ip=10.201.24.12 port=3978 local port=36400
2022-08-24 08:16:17.359 -0700 cms agent: Pre. send buffer limit=87040. s=28
2022-08-24 08:16:17.359 -0700 cms agent: Post. send buffer limit=2097152. s=28
2022-08-24 08:16:17.359 -0700 Error:  cs_load_certs_ex(cs_common.c:655): keyfile not exists
2022-08-24 08:16:17.359 -0700 Error:  pan_cmsa_tcp_channel_setup(src_panos/cms_agent.c:883): cms agent: cs_load_certs_ex failed
2022-08-24 08:16:17.359 -0700 cmsa: client will use default context
2022-08-24 08:16:17.360 -0700 Warning:  pan_cmsa_tcp_channel_setup(src_panos/cms_agent.c:988): client will not use SNI
2022-08-24 08:16:17.369 -0700 panorama agent: ssl channel established. sock=28 ssl=0x55e732bf4680
2022-08-24 08:16:17.369 -0700 The max requests per client is set to 250 for server 0 (fd=-100)
2022-08-24 08:16:17.369 -0700 Device info set to panorama
2022-08-24 08:16:17.952 -0700 update client device info, n_entries=1 op=2
2022-08-24 08:16:17.952 -0700 Device info updated for client id 1000008 device_registered no
2022-08-24 08:16:47.954 -0700 cmsa: agent index=0
2022-08-24 08:16:47.955 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:16:47.955 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:16:47.955 -0700 [Secure conn] Secure channel for Firewall to panorama communication not enabled for secure conn.
2022-08-24 08:16:47.967 -0700 Warning:  pan_cmsa_mgmt_assign_ssl_ctx(src_panos/cms_agent.c:2353): client using default (legacy) context
2022-08-24 08:16:47.967 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:16:47.967 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:16:48.195 -0700 COMM: connection established. sock=28 remote ip=10.201.24.12 port=3978 local port=36512
2022-08-24 08:16:48.195 -0700 cms agent: Pre. send buffer limit=87040. s=28
2022-08-24 08:16:48.195 -0700 cms agent: Post. send buffer limit=2097152. s=28
2022-08-24 08:16:48.204 -0700 cmsa: client will use default context
2022-08-24 08:16:48.204 -0700 Warning:  pan_cmsa_tcp_channel_setup(src_panos/cms_agent.c:988): client will not use SNI
2022-08-24 08:16:48.215 -0700 panorama agent: ssl channel established. sock=28 ssl=0x55e732bf49c0
2022-08-24 08:16:48.215 -0700 Device info set to panorama
2022-08-24 08:16:48.677 -0700 update client device info, n_entries=1 op=1
2022-08-24 08:16:48.677 -0700 Device info updated for client id 1000009 device_registered no
2022-08-24 09:04:36.958 -0700 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-24 09:15:37.198 -0700 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-24 09:23:20.760 -0700 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-24 09:26:21.996 -0700 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-24 09:30:30.875 -0700 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-24 09:36:30.072 -0700 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-24 16:49:14.051 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-24 17:36:53.370 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-25 09:16:20.282 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-25 09:25:50.076 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-25 09:28:28.563 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-25 09:33:37.742 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-25 10:15:07.755 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-25 14:59:51.891 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-25 15:05:42.206 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-25 15:14:44.395 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-25 16:05:12.648 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-26 12:48:57.278 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
&lt;/LI-CODE&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 26 Aug 2022 13:41:25 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/panorama-discussions/setting-up-log-collection-in-panorama/m-p/513113#M1089</guid>
      <dc:creator>alan-griffiths</dc:creator>
      <dc:date>2022-08-26T13:41:25Z</dc:date>
    </item>
    <item>
      <title>Re: Setting up log collection in Panorama</title>
      <link>https://live.paloaltonetworks.com/t5/panorama-discussions/setting-up-log-collection-in-panorama/m-p/513220#M1090</link>
      <description>&lt;P&gt;Thank you for the reply&amp;nbsp;&lt;a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/232309"&gt;@alan-griffiths&lt;/a&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;From the provided log, I am unfortunately not able to determine what the issue is, and I am running out of ideas.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The last thing I would do is perform the steps below:&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;In Panorama, navigate to:&amp;nbsp;Commit &amp;gt; Push to Device &amp;gt; Edit Selection &amp;gt; Deselect All for Device Groups and Templates &amp;gt; Collector Groups &amp;gt; select Collector Group and click OK and Push.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;In the firewall, restart the log receiver process:&amp;nbsp;debug software restart process log-receiver&lt;/P&gt;
&lt;P&gt;Then check the logs in the firewall to see if there is any error:&amp;nbsp;less mp-log logrcvr.log&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Kind Regards&lt;/P&gt;
&lt;P&gt;Pavel&lt;/P&gt;</description>
      <pubDate>Mon, 29 Aug 2022 06:37:45 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/panorama-discussions/setting-up-log-collection-in-panorama/m-p/513220#M1090</guid>
      <dc:creator>PavelK</dc:creator>
      <dc:date>2022-08-29T06:37:45Z</dc:date>
    </item>
    <item>
      <title>Re: Setting up log collection in Panorama</title>
      <link>https://live.paloaltonetworks.com/t5/panorama-discussions/setting-up-log-collection-in-panorama/m-p/513348#M1092</link>
      <description>&lt;P&gt;After the restart of the logging process the connection status was reported as active, but I still wasn't seeing logs in Panorama. So I did a full restart of Panorama and now logs are showing!&lt;/P&gt;
&lt;P&gt;Thanks for your assistance.&lt;/P&gt;</description>
      <pubDate>Tue, 30 Aug 2022 09:40:59 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/panorama-discussions/setting-up-log-collection-in-panorama/m-p/513348#M1092</guid>
      <dc:creator>alan-griffiths</dc:creator>
      <dc:date>2022-08-30T09:40:59Z</dc:date>
    </item>
  </channel>
</rss>

