https://live.paloaltonetworks.com/t5/general-topics/firewall-is-not-forwarding-logs-to-the-syslog-server/m-p/595404#M118490 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/304204">@renzanjo11</a></P> <P>&nbsp;</P> <P>thank you for reply.</P> <P>&nbsp;</P> <P>From the output of tcpdump it looks like that syslog traffic is being sent out. Are you able to confirm that your syslog server is receiving traffic? Is there any Firewall / ACL in between?</P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel&nbsp;</P> Tue, 20 Aug 2024 23:33:25 GMT PavelK 2024-08-20T23:33:25Z https://live.paloaltonetworks.com/t5/general-topics/firewall-is-not-forwarding-logs-to-the-syslog-server/m-p/594598#M118341 <P>Hi everyone!&nbsp;</P> <P>&nbsp;</P> <P>I am kind of bummed on why my syslog configuration is not taking effect.</P> <P>&nbsp;</P> <P>I have 2 pairs of firewall, PRD(2 firewalls) and DR(2 firewalls). Both are in HA setup and managed by Panorama. My syslog configuration in DR and PRD are just the same. Same server, same settings. For some reason, the syslog in my PRD is not working. So mysterious.</P> <P>I checked the CLI and it appears it is indeed listening on port 514. My PRD Firewalls are new ones coz I migrated from JUNOS to PANOS.</P> <P>I use my management for my syslog forwarding.&nbsp;</P> <P>Is there any thing I missed?</P> <P>I did everything here correctly:&nbsp;<A href="https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/use-syslog-for-monitoring/configure-syslog-monitoring" target="_blank" rel="nofollow noopener noreferrer">https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/use-syslog-for-monitoring/conf...</A></P> <P>&nbsp;</P> <P>You can see the output of my checking on the PDF File attached.</P> <P>&nbsp;</P> <P>Thank you guys in advance!&nbsp;</P> Mon, 12 Aug 2024 08:50:01 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-is-not-forwarding-logs-to-the-syslog-server/m-p/594598#M118341 renzanjo11 2024-08-12T08:50:01Z https://live.paloaltonetworks.com/t5/general-topics/firewall-is-not-forwarding-logs-to-the-syslog-server/m-p/594673#M118363 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/304204">@renzanjo11</a>&nbsp;</P> <P>&nbsp;</P> <P>from screen shots you provided your configuration looks correct.</P> <P>&nbsp;</P> <P>Could you try to restart management service:&nbsp;<STRONG>debug software restart process management-server</STRONG>. Management service will also restart log receiver service. If it still does not work after management process restart could you please share PAN-OS version firewall is running? Could you also take pcap on management interface?</P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel</P> Tue, 13 Aug 2024 05:38:45 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-is-not-forwarding-logs-to-the-syslog-server/m-p/594673#M118363 PavelK 2024-08-13T05:38:45Z https://live.paloaltonetworks.com/t5/general-topics/firewall-is-not-forwarding-logs-to-the-syslog-server/m-p/595323#M118473 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/192693">@PavelK</a>&nbsp;,</P> <P>&nbsp;</P> <P>Pcap on the management interface means TCPdump right?</P> <P>If yes, I also included that on my attachment. the image below the syslog forwarding profile configuration.</P> <P>&nbsp;</P> <P>Regards,</P> <P>Renz</P> Tue, 20 Aug 2024 06:44:35 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-is-not-forwarding-logs-to-the-syslog-server/m-p/595323#M118473 renzanjo11 2024-08-20T06:44:35Z https://live.paloaltonetworks.com/t5/general-topics/firewall-is-not-forwarding-logs-to-the-syslog-server/m-p/595404#M118490 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/304204">@renzanjo11</a></P> <P>&nbsp;</P> <P>thank you for reply.</P> <P>&nbsp;</P> <P>From the output of tcpdump it looks like that syslog traffic is being sent out. Are you able to confirm that your syslog server is receiving traffic? Is there any Firewall / ACL in between?</P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel&nbsp;</P> Tue, 20 Aug 2024 23:33:25 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-is-not-forwarding-logs-to-the-syslog-server/m-p/595404#M118490 PavelK 2024-08-20T23:33:25Z