Panorama Query Log Fails
cancel
Showing results for 
Search instead for 
Did you mean: 

Panorama Query Log Fails

L2 Linker

Hello all

 

I run into a failure on Playbook Panorama Query Logs.

The failure is:

"Set vsys for firewall or Device group for Panorama"

 

This happen on the GeneralPolling Playbook and there at the task RunPollingCommand.

 

I've defined Device Group and asking Panorama - but the failure still occours.

Does anyone have any Idea, what this could be?

 

thanks

roger

5 REPLIES 5

L1 Bithead

Hey Roger.

I was able to query panorama logs successfully.
Where did you define the `Device Group`?
It should be defined in the instance configuration.

Bar.

Hello Bkatzir

 

I've defined the Device Group in the Integrations (where all the settings are defined for Panorama)

It's name is:

Device group - Panorama instances only (write shared for Shared location)

and there is "shared" in it...

 

Thank you

roger

Can you upload some screenshots or send them to me?
I'm interested in knowing that you are indeed running the commands/Playbooks from the correctly configured instance.
bkatzir@paloaltonetworks.com

Hello bkatzir

 

I've send you just now an E-Mail

 

Thank you

roger

For future reference:
After a correct configuration of the integration instance we have been encountering

```
calling panorama_get_traffic_logs(‘32936’,)
Query logs failed. Reason is: Query timed out
```

This error comes from the pan-os. the search query job which we are creating is timing out.
I talked with the pan-os team - there is no way to lengthen the TTL of the job via the API.

A case was created to the pan-os team: 01731887

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!