WildFire Submissions no logs

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

WildFire Submissions no logs

L6 Presenter

Hi All,

 

PA-3050 PAN-OS 7.1.6

 

While checking WildFire configuration l have noticed strange thing where no logs display on the WildFire Submission or Data Filtering tab:

 

WildFire no Submissions logs.PNG

 

When l test with the KB article below can observe that the test file is sent to the portal and verdict is assigned:

 

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Test-WildFire-with-a-Fake-Malicious-...

 

Portal.PNG

 

Had exactly the same on our lab firewall where no logs were seen and files are sent to the portal same as file blocking profiles didn't work. I did reboot the box and the issue is gone but l cannot do the same  with this one. Any ideas on how  to fix this?

 

CLI for WildFire status and statistics looks good to me:

 

CLI.PNG

Thx,

Myky

1 accepted solution

Accepted Solutions

L6 Presenter

Hi,

 

The below command did a trick:

 

> debug software restart process vardata-receiver

 

Logs are seen now.

 

Thx,

Myky

View solution in original post

6 REPLIES 6

L4 Transporter

Hi Myky,

 

Hmm seems a bit odd, have a check on the following things:

 

- Logging enabled on the security policy

- Quota for wildfire logs has space (Device > Setup > Logging and Reporting Settings)

- Check the status of the processes on the management plane - show system resources (logrcvr/varrcvr) 

 

hope this helps,

Ben

 

@bmorris1 good points. Will do. For the log space should be fine as it is a new install. 

 

Thx,

Myky

L6 Presenter

Hi,

 

The below command did a trick:

 

> debug software restart process vardata-receiver

 

Logs are seen now.

 

Thx,

Myky

@TranceforLife For some reason I didn't see this one when looking through this morning. I'm not sure what you are running this on but this appears to be a pretty common error that I've seen on 3020s where I probably have to restart vardata-receiver at least once a month to get the logs to start showing again. 

I've slowly started to work in a restart of the boxes once a month and just switching between the HA pairs for all clients running the 3000 series to get away from this issue. I'm not exactly sure why it ever stops in the first place but since it's easy enough to clear up I never really worry about it. 

Hello,

 

Thanks. This is a fist time l run into this issue. Yes it is 3050 device so looks like l need to remember that command :0 Same not sure why this is happening but happy it is fixed.

 

Thx,

Myky

L3 Networker

@TranceforLife   I would like to know because I found this same issue but It is only some file not to show log if use "debug software restart process vardata-receiver" it work? please suggest me.

  • 1 accepted solution
  • 12091 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!