7000 series log forwarding card not forwarding traffic logs to collector

dan731028
L3 Networker

Hey everybody,
I'm setting up a 7050 with a log forwarding card to a dedicated log collector.  On the log collector, I have it set to device log collection and collector group communication on ethernet1/5.  I have log settings configured as well as a log forwarding profile.  With traffic running through the firewall, I'm seeing hits against rules on the 7050, but when I run "show logging-status device <SERIAL>" I see the destination IP of ethernet1/5, and I'm seeing logs received for system and config, but I'm not getting any traffic logs.  In the panorama manager, I can see the system and config logs, but I'm not seeing any traffic logs.  Any ideas what could be the issue?  

SteveCantwell
Cyber Elite

Can you take a look at this article to see if it helps?

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClT3CAK

dan731028
L3 Networker

Thanks for the suggestion.  In PAN-OS 9.0 I don't have an option to turn on high speed log forwarding.  I did enable send to all collectors in the preference list, but that didn't seem to change anything.

dan731028
L3 Networker

It turned out to be an issue with the optics being used in the log forwarding port.  Once we used a supported optic, everything worked as expected.

domtack
L0 Member

The Log Forwarding Card (LFC) is a high-performance log card that forwards all dataplane logs (traffic and threat for example) from the firewall to one or more external logging systems, such as Panorama or a syslog server. Because the dataplane logs are no longer available on the local firewall, the ACC tab is removed from the management web interface and Monitor > Logs contain only management logs (Configuration, System, and Alarms).

There is one LFC model used for both the PA-7050 and PA-7080 firewalls. On the PA-7050 firewall, you must install the LFC in slot 8 and on the PA-7080 firewall you must install the LFC in slot 7.
