Connecting FW on PAN-OS 9.0.1 to Cortex Data Lake (logging Services)

L5 Sessionator

Connecting FW on PAN-OS 9.0.1 to Cortex Data Lake (logging Services)

I've sucesfully connected FW 8.1.x to Data lake but am having issues connecting one on 9.0.1. Both are managed by the same Panorama (PAN-OS 9.0.1). The difference is that on non-working one I have disabled Panorma Policy and Objects. But logging service setting is under template setting anyway. 


License seems to be ok. First error says "No certificate found" but there isn't any certificate configuration required for logging service. The second error says "Logging Service Preference List is malformed". No idea how to check/fix that.


Any Ideas? 


The status it shows is:



@PA-3060> request logging-service-forwarding status

Logging Service Licensed: Yes
Logging Service forwarding enabled: Yes
Duplicate logging enabled: No
Enhanced application logging enabled: Yes

Logging Service License Status:
        Status: success
        Expiration date: June 22, 2019
        Msg: License is valid
        Last Fetched: 2019/05/16 10:44:43




Logging Service Certificate information: 
         No certificate found

Logging Service Customer file information: 
        Info: Failed to fetch ingest/query FQDN for customer (curl failed)
        Status: failure
        Last Fetched: 2019/05/20 10:01:07

Logging Service Preference List is malformed


L0 Member

Re: Connecting FW on PAN-OS 9.0.1 to Cortex Data Lake (logging Services)

You can manually request the certificate.


This will show you the status of the cert

request logging-service-forwarding certificate info


This will fetch the cert

request logging-service-forwarding certificate fetch


Run the first command again in a few seconds to see that it was successful. The "status" link in the GUI should show successful connection. 


I had to run this on all of my firewalls to get them working. The "Device Connected" dot stayed grey but data was flowing.


L5 Sessionator

Re: Connecting FW on PAN-OS 9.0.1 to Cortex Data Lake (logging Services)

Only resetting the certificates didn't help in my case.


But this worked:


1. You should delete all the license keys for this Firewall and then fetch them back.
at the CLI:
delete license key ? delete each one
Fetch them back on the GUI

2. From the Panorama ...Panorama>Device Deployment>License.
Click refresh for this firewall

3. Delete the certificate
request logging-service-forwarding certificate delete
request logging-service-forwarding certificate fetch

4. Re-fetch customer info
request logging-service-forwarding certificate info

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!