I'm setting up a 7050 with a log forwarding card to a dedicated log collector. On the log collector, I have it set to device log collection and collector group communication on ethernet1/5. I have log settings configured as well as a log forwarding profile. With traffic running through the firewall, I'm seeing hits against rules on the 7050, but when I run "show logging-status device <SERIAL>" I see the destination IP of ethernet1/5, and I'm seeing logs received for system and config, but I'm not getting any traffic logs. In the panorama manager, I can see the system and config logs, but I'm not seeing any traffic logs. Any ideas what could be the issue?
The Log Forwarding Card (LFC) is a high-performance log card that forwards all dataplane logs (traffic and threat for example) from the firewall to one or more external logging systems, such as Panorama or a syslog server. Because the dataplane logs are no longer available on the local firewall, the ACCtab is removed from the management web interface and Monitor > Logscontain only management logs (Configuration, System, and Alarms).
There is one LFC model used for both the PA-7050 and PA-7080 firewalls. On the PA-7050 firewall, you must install the LFC in slot 8 and on the PA-7080 firewall you must install the LFC in slot 7.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!