No logs in the monitor > traffic tab?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

No logs in the monitor > traffic tab?

L0 Member

Hello All,


1.) I have just installed Palo Alto 7.1 in Eve-NG, and  made two interfaces as Vwire with zone Trust and Untrust.

2.) I am able to access access everthing (e.g. internet, ping, etc.) hence policies are working fine  as I have created a policy to allow everything from Trust to Untrust.

 

However I am not able to see any Traffic logs in the GUI it is blank.

Kindly see the below screenshot for your reference and let me know what's the reason please.

no logs.png


Thanks in advance.

22 REPLIES 22

L4 Transporter

This may sound obvious but make sure you are enabling the logging on  the security policies your traffic is hitting. you can log at session start and or sesssion end. 

Hello,

Also the default intra and inter zone policies do not log so you have to set them to log as well.

 

Regards,

Yes i agree with Okta.

MP

Help the community: Like helpful comments and mark solutions.

L0 Member

Hello,

Does anybody got a resolution? I have the same problem with a PA in EVE-NG. Tried 2 different images. thank you

L0 Member

Same issue, logs are not showing in GUI and as well as CLI but logs are being written.

 

admin@PA-VM> show log traffic
Time App From Src Port Source
Rule Action To Dst Port Destination
Src User Dst User End Reason
Rule_UUid
====================================================================================================
admin@PA-VM> debug log-receiver statistics

Logging statistics
------------------------------ -----------
Log incoming rate: 1/sec
Log written rate: 1/sec
Corrupted packets: 0
Corrupted URL packets: 0
Corrupted HTTP HDR packets: 0
Corrupted HTTP HDR Insert packets: 0
Corrupted EMAIL HDR packets: 0
Logs discarded (queue full): 0
Traffic logs written: 120

 

I read that the VM needs to be licensed for monitoring, clustering and some other features to work. Not sure if it’s true

Yes the VM needs to be licensed, 

but you can still see some logs over 

 

Policies>security> "click on your rule" > usage 

 

Or-  from CLI 

> show session all 

 

thanks!

 

did you find a solution, I have the same problem...

L0 Member

 

Palo doesn't log on VM PAN OS without license...

 

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm2mCAC

you PAN needs to be licensed to see logs 😃 

Agree if it is VM its need license.

Learn something new today

MP

Help the community: Like helpful comments and mark solutions.

L2 Linker

I have the PA-220 happen the same issue

 

The Traffic, Threat, URL Filtering and etc no log after the Aug-2020

 

Anyone know how to solve the problems?

@JamesChim 

 

If you do not see any logs in GUI and it used to work before please go through these links

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClozCAC

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmA4CAK

 

Also as log rece listen on udp port 3012 so run below command 

 


PA)> show netstat listening yes numeric-ports yes all yes | match 3012
udp 0 0 mgmt:47390 mgmt:3012 ESTABLISHED
udp 0 0 *:3012 *:*

Regards

MP

Help the community: Like helpful comments and mark solutions.

My PAN-OS is licensed and also have no logs in the monitor. Logs at session end is on in the policy rules.

ArendvanderKolk_0-1634539750122.png

 

  • 39002 Views
  • 22 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!