WildFire Submissions no logs

L6 Presenter

WildFire Submissions no logs

Hi All,

 

PA-3050 PAN-OS 7.1.6

 

While checking WildFire configuration l have noticed strange thing where no logs display on the WildFire Submission or Data Filtering tab:

 

WildFire no Submissions logs.PNG

 

When l test with the KB article below can observe that the test file is sent to the portal and verdict is assigned:

 

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Test-WildFire-with-a-Fake-Malicious-...

 

Portal.PNG

 

Had exactly the same on our lab firewall where no logs were seen and files are sent to the portal same as file blocking profiles didn't work. I did reboot the box and the issue is gone but l cannot do the same  with this one. Any ideas on how  to fix this?

 

CLI for WildFire status and statistics looks good to me:

 

CLI.PNG

Thx,

Myky

L4 Transporter

Re: WildFire Submission no logs

Hi Myky,

 

Hmm seems a bit odd, have a check on the following things:

 

- Logging enabled on the security policy

- Quota for wildfire logs has space (Device > Setup > Logging and Reporting Settings)

- Check the status of the processes on the management plane - show system resources (logrcvr/varrcvr) 

 

hope this helps,

Ben

 

L6 Presenter

Re: WildFire Submission no logs

@bmorris1 good points. Will do. For the log space should be fine as it is a new install. 

 

Thx,

Myky

Highlighted
L6 Presenter

Re: WildFire Submission no logs

Hi,

 

The below command did a trick:

 

> debug software restart process vardata-receiver

 

Logs are seen now.

 

Thx,

Myky

L7 Applicator

Re: WildFire Submission no logs

@TranceforLife For some reason I didn't see this one when looking through this morning. I'm not sure what you are running this on but this appears to be a pretty common error that I've seen on 3020s where I probably have to restart vardata-receiver at least once a month to get the logs to start showing again. 

I've slowly started to work in a restart of the boxes once a month and just switching between the HA pairs for all clients running the 3000 series to get away from this issue. I'm not exactly sure why it ever stops in the first place but since it's easy enough to clear up I never really worry about it. 

L6 Presenter

Re: WildFire Submission no logs

Hello,

 

Thanks. This is a fist time l run into this issue. Yes it is 3050 device so looks like l need to remember that command :0 Same not sure why this is happening but happy it is fixed.

 

Thx,

Myky

L3 Networker

Re: WildFire Submissions no logs

@TranceforLife   I would like to know because I found this same issue but It is only some file not to show log if use "debug software restart process vardata-receiver" it work? please suggest me.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!