- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-20-2017 04:59 AM
I added the Device yesterday to Panorama and everything was fine. Logs were shipping to Panorama from device as expected and at about 9:50 PM, I see a stop in the logs so I assume the device became disconnected at that point. From the device I can ping the Panorama so connectivity is there. No changes were made last night.
What else can I check?
09-20-2017 05:21 AM
Hi @s.williams1,
There are a couple of checks you could perform.
I'd start by verifying that the device & panorama have connectivity, i.e.:
On Device
admin@PA-4050> show panorama-status
Panorama Server 1 : 10.30.1.134
State : Unknown
Verify logrcvr status on the device:
admin@PA-4050> show system software status | match logrcvr
Process logrcvr running (pid: 1606)
Restart may be required if not running.
On the device verify logs are being actively written to the appliance, forwarding, etc..:
admin@PA-4050> debug log-receiver statistics
Logging statistics
------------------------------ -----------
Log incoming rate: 30/sec
Log written rate: 30/sec
Corrupted packets: 0
Corrupted URL packets: 0
Logs discarded (queue full): 0
Traffic logs written: 7071520
URL logs written: 725
Anti-virus logs written: 0
Spyware logs written: 0
Attack logs written: 0
Vulnerability logs written: 0
Fileext logs written: 2993
URL cache age out count: 440
URL cache full count: 0
Traffic alarms dropped due to sysd write failures: 0
Traffic alarms dropped due to global rate limiting: 0
Traffic alarms dropped due to each source rate limiting: 0
Traffic alarms generated count: 0
Log Forward in queue count: 0
Log Forward count: 7070916
Log Forward discarded (queue full) count: 0
Log Forward discarded (send error) count: 0
On Panorama (verify if devices are connected):
admin@Panorama> show devices connected
Serial Hostname IP Connected
--------------------------------------------------------------------------
0001A100236 PA-4050 10.30.14.80 yes
Verify logging status on Panorama (last log forwarded from device, etc...):
admin@Panorama> show logging-status device <device_serial_number>
Type Last Log rcvd Last SeqNo. rcvd Last Log generated
config 2017/04/03 18:02:01 145 2017/01/19 16:12:17
system 2017/03/30 11:18:01 15835 2017/01/19 16:13:49
threat
traffic
hipmatch
If there is a gap in logging (logs not forwarding to Panorama) & connectivity to/from devices does not appear to be an issue, etc…, you could issue the following commands in sequence on Panorama via CLI to restart the log-forwarding process :
Afterwards, issue the following command from CLI on Panorama as well as verify via the WebUI/Monitor tab:
admin@Panorama> show logging-status device <device_serial_number>
Type Last Log rcvd Last SeqNo. rcvd Last Log generated
config 2017/04/19 20:02:01 235 2017/04/19 20:00:17
system 2017/04/19 12:18:01 19935 2017/04/19 12:08:49
threat
traffic
hipmatch
Hope this helps,
-Kiwi.
09-20-2017 05:32 AM
All checks out. The device shows disconnected so it doesnt show ip in many outputs. The logs are running good ont he local device just not connected to Panorama so therefore not forwarding.
From device I can ping Panorama, and Panorama I can ping device, no firewalls are in between.
Silly question, but can a device that is currently not on support be managed in the Panorama?
The only thing I see in the logs is the Panorama going out to updates.paloaltonetworks.com and doing some kind of deployment job update license task?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!