topic Re: Threat Activity (ACC) and Monitor-LOGS-threats are empty in General Topics https://live.paloaltonetworks.com/t5/general-topics/threat-activity-acc-and-monitor-logs-threats-are-empty/m-p/425146#M94327 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/172299">@Ots-network</a>,</P><P>Have you tried actually restarting the firewall and not just the mgmt server? Are you actually sure that no changes have been made and someone maybe didn't accidentally remove the security group/profile from your policies?&nbsp;</P><P>The first thing I would do is verify through my traffic logs that traffic is hitting rules that actually have a security group/profiles assigned to it so that threat logs would actually be generated. Then I would just generate something stupid that I know should be getting logged as a threat, such as a directory traversal attempt or a simple unauthorized brute force attach on a login page.&nbsp;</P> Fri, 06 Aug 2021 15:51:18 GMT BPry 2021-08-06T15:51:18Z Threat Activity (ACC) and Monitor-LOGS-threats are empty https://live.paloaltonetworks.com/t5/general-topics/threat-activity-acc-and-monitor-logs-threats-are-empty/m-p/425054#M94320 <P>As the title suggest i have on my fw (pan os 10.0.4)&nbsp;Threat Activity (ACC) and Monitor-LOGS-threats totally empty.<BR />Since few weeks ago no problem and all the other logs work fine.</P><P>And no changes have been made.<BR />Any ideas?<BR /><BR />already restart mgmt service withuot success.</P><P>&nbsp;</P> Fri, 06 Aug 2021 09:59:04 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-activity-acc-and-monitor-logs-threats-are-empty/m-p/425054#M94320 Ots-network 2021-08-06T09:59:04Z Re: Threat Activity (ACC) and Monitor-LOGS-threats are empty https://live.paloaltonetworks.com/t5/general-topics/threat-activity-acc-and-monitor-logs-threats-are-empty/m-p/425146#M94327 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/172299">@Ots-network</a>,</P><P>Have you tried actually restarting the firewall and not just the mgmt server? Are you actually sure that no changes have been made and someone maybe didn't accidentally remove the security group/profile from your policies?&nbsp;</P><P>The first thing I would do is verify through my traffic logs that traffic is hitting rules that actually have a security group/profiles assigned to it so that threat logs would actually be generated. Then I would just generate something stupid that I know should be getting logged as a threat, such as a directory traversal attempt or a simple unauthorized brute force attach on a login page.&nbsp;</P> Fri, 06 Aug 2021 15:51:18 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-activity-acc-and-monitor-logs-threats-are-empty/m-p/425146#M94327 BPry 2021-08-06T15:51:18Z