https://live.paloaltonetworks.com/t5/general-topics/pan-next-generation-firewall-3020-can-t-forward-logs-properly-to/m-p/272436#M74921 <P>Hi,</P><P>&nbsp;</P><P>I have found out the problem. It was that the service route was not configured properly and so the logs we not sent via the correct IP/Port. Thank you for your help!</P> Sun, 23 Jun 2019 05:41:58 GMT NutellaPie 2019-06-23T05:41:58Z https://live.paloaltonetworks.com/t5/general-topics/pan-next-generation-firewall-3020-can-t-forward-logs-properly-to/m-p/272418#M74916 <P>Hi,</P><P>&nbsp;</P><P>I'm trying to forward all logs from PAN Firewall 3020 to an external Syslog server. I have followed the guide&nbsp;<A href="https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/monitoring/configure-log-forwarding.html#20823" target="_self">here</A>&nbsp;and have tried to debug the problem by accessing the firewall through CLI but to no avail. However, I think I might have noticed an error from debugging.</P><P>&nbsp;</P><P>By running this line of code, I get the following results:</P><PRE>debug log-receiver statistics</PRE><PRE>Logging statistics ------------------------------ ----------- Log incoming rate: 1/sec Log written rate: 1/sec Corrupted packets: 0 Corrupted URL packets: 0 Corrupted HTTP HDR packets: 0 Logs discarded (queue full): 0 Traffic logs written: 2168177 URL logs written: 0 Wildfire logs written: 0 Anti-virus logs written: 0 Widfire Anti-virus logs written: 0 Spyware logs written: 0 Attack logs written: 0 Vulnerability logs written: 0 Fileext logs written: 0 URL cache age out count: 0 URL cache full count: 0 URL cache key exist count: 0 URL cache wrt incomplete http hdrs count: 0 URL cache rcv http hdr before url count: 0 URL cache full drop count(url log not received): 0 URL cache age out drop count(url log not received): 0 Traffic alarms dropped due to sysd write failures: 0 Traffic alarms dropped due to global rate limiting: 0 Traffic alarms dropped due to each source rate limiting: 0 Traffic alarms generated count: 0 Log Forward count: 0 Log Forward discarded (queue full) count: 0 Log Forward discarded (send error) count: 0 Summary Statistics: Num current drop entries in trsum:0 Num cumulative drop entries in trsum:0 Num current drop entries in thsum:0 Num cumulative drop entries in thsum:0 External Forwarding stats: Type Enqueue Count Send Count Drop Count Queue Depth Send Rate(last 1min) syslog 58338 58338 0 0 0 snmp 0 0 0 0 0 email 0 0 0 0 0 raw 0 0 0 0 0</PRE><P>I noticed that the send rate is 0 but the enqueue and send count is quite high, but I can't seem to find any logs that state the reason why it is not being sent to my external syslog server. Could anyone help me with this issue please? Thank you!</P> Sat, 22 Jun 2019 19:05:36 GMT https://live.paloaltonetworks.com/t5/general-topics/pan-next-generation-firewall-3020-can-t-forward-logs-properly-to/m-p/272418#M74916 NutellaPie 2019-06-22T19:05:36Z https://live.paloaltonetworks.com/t5/general-topics/pan-next-generation-firewall-3020-can-t-forward-logs-properly-to/m-p/272426#M74918 <P>give us output of show logging status</P><P>is correect log forwarding profile applied to security rules?</P><P>&nbsp;</P><P>Do you see traffic logs in the monitar tab?</P> Sat, 22 Jun 2019 19:41:57 GMT https://live.paloaltonetworks.com/t5/general-topics/pan-next-generation-firewall-3020-can-t-forward-logs-properly-to/m-p/272426#M74918 MP18 2019-06-22T19:41:57Z https://live.paloaltonetworks.com/t5/general-topics/pan-next-generation-firewall-3020-can-t-forward-logs-properly-to/m-p/272436#M74921 <P>Hi,</P><P>&nbsp;</P><P>I have found out the problem. It was that the service route was not configured properly and so the logs we not sent via the correct IP/Port. Thank you for your help!</P> Sun, 23 Jun 2019 05:41:58 GMT https://live.paloaltonetworks.com/t5/general-topics/pan-next-generation-firewall-3020-can-t-forward-logs-properly-to/m-p/272436#M74921 NutellaPie 2019-06-23T05:41:58Z