<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Issue with forwarding logs to Panorama in Panorama Discussions</title>
    <link>https://live.paloaltonetworks.com/t5/panorama-discussions/issue-with-forwarding-logs-to-panorama/m-p/475752#M818</link>
    <description>&lt;P&gt;Hi Folks,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;We have a PA-7000 series firewall configured to forward logs to Panorama.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Recently the firewall stopped forwarding logs to Panorama. In the logrcvr msg we could see the below output. Here 10.0.2.250 is the Panorama and 10.0.2.252 is the firewall.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;On the Panorama device summary we could see that the firewall is showing as connected, and we are able to commit and push changes to the firewall from Panorama without any issues.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Do we need to configure LFC on the PA-7000 series firewall to forward the logs to Panorama? Does a separate interface need to be configured to forward the logs to Panorama?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;PRE&gt;2022-03-22 11:20:07   2022-03-22 11:20:07.138 +0530 connecting to remote address 10.0.2.250 @ fd -1
s8lfp0    logrcvr.log                        2022-03-22 11:20:17   2022-03-22 11:20:17.148 +0530 Server IPv4 address 10.0.2.250
s8lfp0    logrcvr.log                        2022-03-22 11:20:17   2022-03-22 11:20:17.148 +0530 Client starting. addr=10.0.2.250 port=3978 retry=2
s8lfp0    logrcvr.log                        2022-03-22 11:20:17   2022-03-22 11:20:17.148 +0530 COMM: Source bind sock 23 to 10.0.2.252 before connect to remote ip [10.0.2.250] @port 3978
s8lfp0    logrcvr.log                        2022-03-22 11:20:20   2022-03-22 11:20:20.147 +0530 Error:  pan_comm_get_tcp_conn_gen(comm_utils.c:604): COMM: cannot connect. remote ip=10.0.2.250 port=3978 err=No route to host(148) sock=23
s8lfp0    logrcvr.log                        2022-03-22 11:20:20   2022-03-22 11:20:20.147 +0530 connecting to remote address 10.0.2.250 @ fd -1
s8lfp0    logrcvr.log                        2022-03-22 11:20:30   2022-03-22 11:20:30.158 +0530 Server IPv4 address 10.0.2.250
s8lfp0    logrcvr.log                        2022-03-22 11:20:30   2022-03-22 11:20:30.158 +0530 Client starting. addr=10.0.2.250 port=3978 retry=3
s8lfp0    logrcvr.log                        2022-03-22 11:20:30   2022-03-22 11:20:30.158 +0530 COMM: Source bind sock 23 to 10.0.2.252 before connect to remote ip [10.0.2.250] @port 3978
s8lfp0    logrcvr.log                        2022-03-22 11:20:33   2022-03-22 11:20:33.157 +0530 Error:  pan_comm_get_tcp_conn_gen(comm_utils.c:604): COMM: cannot connect. remote ip=10.0.2.250 port=3978 err=No route to host(148) sock=23
s8lfp0    logrcvr.log                        2022-03-22 11:20:33   2022-03-22 11:20:33.157 +0530 connecting to remote address 10.0.2.250 @ fd -1
s8lfp0    logrcvr.log                        2022-03-22 11:20:43   2022-03-22 11:20:43.168 +0530 Server IPv4 address 10.0.2.250
s8lfp0    logrcvr.log                        2022-03-22 11:20:43   2022-03-22 11:20:43.168 +0530 Client starting. addr=10.0.2.250 port=3978 retry=4
s8lfp0    logrcvr.log                        2022-03-22 11:20:43   2022-03-22 11:20:43.168 +0530 COMM: Source bind sock 23 to 10.0.2.252 before connect to remote ip [10.0.2.250] @port 3978
s8lfp0    logrcvr.log                        2022-03-22 11:20:46   2022-03-22 11:20:46.167 +0530 Error:  pan_comm_get_tcp_conn_gen(comm_utils.c:604): COMM: cannot connect. remote ip=10.0.2.250 port=3978 err=No route to host(148) sock=23
s8lfp0    logrcvr.log                        2022-03-22 11:20:46   2022-03-22 11:20:46.167 +0530 connecting to remote address 10.0.2.250 @ fd -1
s8lfp0    logrcvr.log                        2022-03-22 11:20:56   2022-03-22 11:20:56.177 +0530 Error:  pan_conn_mgr_do_connect(cs_conn.c:11788): Failed to connect to ip address: 10.0.2.250. Timing out
s8lfp0    logrcvr.log                        2022-03-22 11:20:56   2022-03-22 11:20:56.178 +0530 Error:  pan_conn_mgr_connect_to_server_impl(cs_conn.c:12329): Not able to connect() to server 10.0.2.250&lt;/PRE&gt;
&lt;P&gt;log&amp;nbsp;&lt;/P&gt;</description>
    <pubDate>Fri, 25 Mar 2022 13:14:06 GMT</pubDate>
    <dc:creator>tamilvanan</dc:creator>
    <dc:date>2022-03-25T13:14:06Z</dc:date>
    <item>
      <title>Issue with forwarding logs to Panorama</title>
      <link>https://live.paloaltonetworks.com/t5/panorama-discussions/issue-with-forwarding-logs-to-panorama/m-p/475752#M818</link>
      <description>&lt;P&gt;Hi Folks,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;We have a PA-7000 series firewall configured to forward logs to Panorama.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Recently the firewall stopped forwarding logs to Panorama. In the logrcvr msg we could see the below output. Here 10.0.2.250 is the Panorama and 10.0.2.252 is the firewall.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;On the Panorama device summary we could see that the firewall is showing as connected, and we are able to commit and push changes to the firewall from Panorama without any issues.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Do we need to configure LFC on the PA-7000 series firewall to forward the logs to Panorama? Does a separate interface need to be configured to forward the logs to Panorama?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;PRE&gt;2022-03-22 11:20:07   2022-03-22 11:20:07.138 +0530 connecting to remote address 10.0.2.250 @ fd -1
s8lfp0    logrcvr.log                        2022-03-22 11:20:17   2022-03-22 11:20:17.148 +0530 Server IPv4 address 10.0.2.250
s8lfp0    logrcvr.log                        2022-03-22 11:20:17   2022-03-22 11:20:17.148 +0530 Client starting. addr=10.0.2.250 port=3978 retry=2
s8lfp0    logrcvr.log                        2022-03-22 11:20:17   2022-03-22 11:20:17.148 +0530 COMM: Source bind sock 23 to 10.0.2.252 before connect to remote ip [10.0.2.250] @port 3978
s8lfp0    logrcvr.log                        2022-03-22 11:20:20   2022-03-22 11:20:20.147 +0530 Error:  pan_comm_get_tcp_conn_gen(comm_utils.c:604): COMM: cannot connect. remote ip=10.0.2.250 port=3978 err=No route to host(148) sock=23
s8lfp0    logrcvr.log                        2022-03-22 11:20:20   2022-03-22 11:20:20.147 +0530 connecting to remote address 10.0.2.250 @ fd -1
s8lfp0    logrcvr.log                        2022-03-22 11:20:30   2022-03-22 11:20:30.158 +0530 Server IPv4 address 10.0.2.250
s8lfp0    logrcvr.log                        2022-03-22 11:20:30   2022-03-22 11:20:30.158 +0530 Client starting. addr=10.0.2.250 port=3978 retry=3
s8lfp0    logrcvr.log                        2022-03-22 11:20:30   2022-03-22 11:20:30.158 +0530 COMM: Source bind sock 23 to 10.0.2.252 before connect to remote ip [10.0.2.250] @port 3978
s8lfp0    logrcvr.log                        2022-03-22 11:20:33   2022-03-22 11:20:33.157 +0530 Error:  pan_comm_get_tcp_conn_gen(comm_utils.c:604): COMM: cannot connect. remote ip=10.0.2.250 port=3978 err=No route to host(148) sock=23
s8lfp0    logrcvr.log                        2022-03-22 11:20:33   2022-03-22 11:20:33.157 +0530 connecting to remote address 10.0.2.250 @ fd -1
s8lfp0    logrcvr.log                        2022-03-22 11:20:43   2022-03-22 11:20:43.168 +0530 Server IPv4 address 10.0.2.250
s8lfp0    logrcvr.log                        2022-03-22 11:20:43   2022-03-22 11:20:43.168 +0530 Client starting. addr=10.0.2.250 port=3978 retry=4
s8lfp0    logrcvr.log                        2022-03-22 11:20:43   2022-03-22 11:20:43.168 +0530 COMM: Source bind sock 23 to 10.0.2.252 before connect to remote ip [10.0.2.250] @port 3978
s8lfp0    logrcvr.log                        2022-03-22 11:20:46   2022-03-22 11:20:46.167 +0530 Error:  pan_comm_get_tcp_conn_gen(comm_utils.c:604): COMM: cannot connect. remote ip=10.0.2.250 port=3978 err=No route to host(148) sock=23
s8lfp0    logrcvr.log                        2022-03-22 11:20:46   2022-03-22 11:20:46.167 +0530 connecting to remote address 10.0.2.250 @ fd -1
s8lfp0    logrcvr.log                        2022-03-22 11:20:56   2022-03-22 11:20:56.177 +0530 Error:  pan_conn_mgr_do_connect(cs_conn.c:11788): Failed to connect to ip address: 10.0.2.250. Timing out
s8lfp0    logrcvr.log                        2022-03-22 11:20:56   2022-03-22 11:20:56.178 +0530 Error:  pan_conn_mgr_connect_to_server_impl(cs_conn.c:12329): Not able to connect() to server 10.0.2.250&lt;/PRE&gt;
&lt;P&gt;log&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 25 Mar 2022 13:14:06 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/panorama-discussions/issue-with-forwarding-logs-to-panorama/m-p/475752#M818</guid>
      <dc:creator>tamilvanan</dc:creator>
      <dc:date>2022-03-25T13:14:06Z</dc:date>
    </item>
  </channel>
</rss>

