This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
設定和導入
產品設定,方案導入等相關指南
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
About 設定和導入
產品設定,方案導入等相關指南

如何解決Panorama從防火牆的日誌到特定日誌服務器的日誌不顯示的問題

環境 Panorama 日誌服務器(Log-collector) 所有PAN-OS   步驟 1.確認防火牆有正確設定將最新的日誌轉發到日誌服務器上。 show logging-status Log Collector : <log-collector-serial-number> Connection IP : <log-collector-ip> Type Last Log Rcvd Last Seq Num Rcvd Last Log Generated traffic 2019/04/11 11:42:41 2019/04/11 11:42:42 6609236175355591718 6609236175355518694 50331542011 threat 2019/04/11 11:42:33 2019/04/11 11:42:34 6609236125161751868 6609236125161751455 349295414 在日誌服務器上確認它已經收到日誌。 > show logging-status device <firewall-serial-number> 2. 確保日誌服務器有今天的es-indices,而且正在增加。並確認在Panorama上也能看到。 dmin@Logger> show log-collector-es-indices | match 20190410 green open pan_20190410_trsum_<log-collector-serial-number> 4 0 104857195 0 28.9gb 28.9gb green open pan_20190410_all_<log-collector-serial-number> 8 0 803025297 0 297gb 297gb admin@PANORAMA> show log-collector-es-indices log-collector-grp-name <log-collector-group-name> | match 20190410 green open pan_20190410_trsum_<log-collector-serial-number> 4 0 104857195 0 28.9gb 28.9gb green open pan_20190410_all_<log-collector-serial-number> 8 0 803025297 0 297gb 297gb 3. 檢查panorama和日誌服務器的網路傳輸狀態。檢查日誌服務器與panorama之間的連線已建立。而在panorama上亦顯示日誌服務器連線也已建立。 admin@Logger> show netstat all yes numeric yes | match <panorama-ip> tcp 0 0 <log-collector-ip>:42795 <panorama-ip>:3978 ESTABLISHED admin@PANORAMA(primary-active)> show netstat all yes numeric yes | match <log-collector-ip> tcp 0 0 <panorama-ip>:3978 <log-collector-ip>:42795 ESTABLISHED 4. 此時,當日誌從防火牆發送到日誌服務器,並且日誌服務器已對其做正確的索引工作,您需要確保日誌服務器上可以看到panorama發給日誌服務器的查詢,並且正確執行。 可以執行下面的指令來找出panorama無法從日誌服務器獲取日誌的原因。 (注意:執行前請先確認Panorama系統資源使用狀況,並與服務商技術人員確認) > debug management-server tracing set marker test level high type query > debug management-server on debug > debug reportd on debug   在此之後,我们可以在日誌服務器中檢查eportd的日誌,找到在panorama上運行的查詢和向日誌服務器發出的請求及日誌服務器的回應記錄。   2019-04-11 13:26:48.192 +0530 tracing:test_6399 pan_handle_logger_dlcq_init(pan_cfg_logmgr_task.c:12436)。Q: INIT. remote_job_id 6399, query_id 12794, rectype traffic, direction 1, num_recs_buffered 1100, num_segments 512, query '(((receive_time leq now)) and (device-group eq 'FW-DG')), query_len 65 結束後,請記得停止tracing, debug程序。   您可以從 panorama和日誌服務器中收集技術支援檔案(Tech Support File),並提供給相對應的案件支援窗口(TAC Support),以便進一步調查。      
View full article
No ratings
‎04-08-2023 07:40 AM
  • 1 Posts
  • 25 Subscriptions
Customer Advisories

Your security posture is important to us. If you’re a Palo Alto Networks customer, be sure to login to see the latest critical announcements and updates in our Customer Advisories area.

Check for updates

Learn how to subscribe to and receive email notifications here.

Listen to PANCast
Listen to PANCast

PANCast is a Palo Alto Networks podcast that provides actionable insights to customers, helping you maximize your investment while improving your cybersecurity posture.

Listen to PANCast now
Top Contributors
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks