Device Telemetry to Cortex Data Lake

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Device Telemetry to Cortex Data Lake

L0 Member

Hello,

 

just finished to setup Cortex Data Lake on my PA-220 (without Panorama, using the Hub).

 

After enabling Telemetry (as asked by 10.0.1) and setting up the Telemetry Region as my Cortex Data Lake region (Europe) the status for Device, Product and Threat is always "Failed" with message "CDL Receiver Destination URL Empty".

 

Schermata 2020-09-29 alle 22.37.32.png

 

On "device_telemetry_send.log" I can see:

2020-09-29 22:00:06,807 dt_send ERROR dst server: set endpoint: region not found on region list.
2020-09-29 22:00:06,810 dt_send ERROR fqdn lookup: endpoint url is empty

 

Where can I set the endpoint?

Thanks!

7 REPLIES 7

L0 Member

More info...

 

Doing a

 

show system state filter-pretty cfg.device-telem

 

I obtain:

 

cfg.device-telem: {
  collect-now: {
    last-attempt: Tue Sep 29 22:03:16 CEST 2020,
    last-filename: PA_012801171939_dt_10.0.1_20200929_2004_NOW.tgz,
    last-request-id: 1601409794,
    last-success: Tue Sep 29 22:03:16 CEST 2020,
    latest-request-id: 1601409794,
    num-of-failed-attempts: 0,
    reason: N/A,
    status: N/A,
  },
  collect-now-canceled: 0x0,
  collect-now-progress: 0,
  collect-now-trigger: 0,
  collect-now-ts: 26690168,
  config-reload: 0x0,
  dest-server: {
    cacert: /tmp/capath/not-used,
    capath: /tmp/capath,
    client-cert: /opt/pancfg/mgmt/ssl/private/012801171939.crt,
    client-cert-path: /opt/pancfg/mgmt/ssl/private,
    client-cert-type: CRT,
    dest-server-ip: 0.0.0.0,
    endpoint: ,
    private-key: /opt/pancfg/mgmt/ssl/private/012801171939.key,
    region: europe,
    use-endpoint: True,
    use-lcaas-cert: False,
  },
  dest-server-ip: 0.0.0.0,
  enabled: True,
  intvl-resend-failed-count: 2,
  logging-services: {
    enabled: no,
    endpoint: ,
    region: americas,
  },
  minute-count: 0x89c3,
  region-list: {
    Americas: {
      endpoint: br-prd1.us.cdl.paloaltonetworks.com,
      region: Americas,
    },
    Europe: {
      endpoint: br-prd1.nl.cdl.paloaltonetworks.com,
      region: Europe,
    },
    UK: {
      endpoint: br-prd1.uk.cdl.paloaltonetworks.com,
      region: UK,
    },
  },
  schedule: {
    20-min-interval: {
      day_intvl: None,
      hour_intvl: None,
      minute_intvl: 0, 20, 40,
      name: 20-min-interval-schedule,
      type: minute,
    },
    4-hr-interval: {
      day_intvl: None,
      hour_intvl: 0, 4, 8, 12, 16, 20,
      minute_intvl: 7,
      name: 4-hr-interval-schedule,
      type: hour,
    },
    7-day-interval: {
      day_intvl: 0,
      hour_intvl: 1,
      minute_intvl: 7,
      name: 7-day-interval-schedule,
      type: day,
    },
  },
  schedule-list: {
    day: {
      7-day-interval: 7-day-interval,
    },
    hour: {
      4-hr-interval: 4-hr-interval,
    },
    minute: {
      20-min-interval: 20-min-interval,
    },
  },
  send-failed-count: 73,
  send-settings: {
    failed_retry_interval: 10,
    fqdn-interval: 10,
    interval: 60,
    max_failed_retries: 3,
    multi-send-per-hour: 0,
  },
  settings: {
    device-health-performance: yes,
    product-usage: yes,
    region: europe,
    status: Device Certificate is valid,
    threat-prevention: yes,
  },
  stats: {
    device-health-performance: {
      last-attempt: Tue Sep 29 23:47:04 CEST 2020,
      last-success: N/A,
      num-of-failed-attempts: 74,
      reason: CDL Receiver Destination URL Empty,
      status: failed,
    },
    product-usage: {
      last-attempt: Tue Sep 29 23:47:04 CEST 2020,
      last-success: N/A,
      num-of-failed-attempts: 74,
      reason: CDL Receiver Destination URL Empty,
      status: failed,
    },
    threat-prevention: {
      last-attempt: Tue Sep 29 23:47:04 CEST 2020,
      last-success: N/A,
      num-of-failed-attempts: 74,
      reason: CDL Receiver Destination URL Empty,
      status: failed,
    },
  },
  system-info: {
    minute-count: 0x43,
    timestamp: 2020/09/05 01:37:01,
  },
  username-required: {
    day: 0,
    hour: 0,
    man: 0,
    minute: 0,
    now: 0,
  },
}

 

I have the same issue.

L1 Bithead

Same issue for me too! It'd be nice to have TAC or PM chime in here on what the issue might be!

FYI...I got mine working.  Part of the issue is that there is a bug where the region being pushed from Panorama is set to "americas" instead of "Americas".  I had to change it via CLI after doing a local override.  You can check by:

 

show device-telemetry settings

 

If it shows "americas" then you have the issue and need to manually set it to Americas:

 

set deviceconfig system device-telemetry region Americas

 

You will have to do a local override first since Panorama is managing that setting prior.  Hope this helps.

My issue was related to the type of support license that was assigned to my firewall. I had to have that fixed by the licensing folks. The error message was 100% unrelated to my real issue. Seems like only one error message exists that gets displayed regardless of what the true underlying issue is.

L2 Linker

Hi,

 

I had this problem before and it has to do with Device Certificate. If you notice, on the WebUI, it shows valid and that was the case for me. However, if you go to cli and run:

 

admin@PA-460> show device-certificate status

 

It might show otherwise or that it wasn't fetched.

I just had to run:

 

admin@PA-460> request certificate fetch

 

and it helped.

You saved my day! Thank you!

  • 13657 Views
  • 7 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!