Device Telemetry to Cortex Data Lake

duccio
L0 Member


Hello,

I just finished setting up Cortex Data Lake on my PA-220 (without Panorama, using the Hub).

After enabling Telemetry (as asked by 10.0.1) and setting up the Telemetry Region as my Cortex Data Lake region (Europe), the status for Device, Product and Threat is always "Failed" with message "CDL Receiver Destination URL Empty".

In "device_telemetry_send.log" I can see:

2020-09-29 22:00:06,807 dt_send ERROR dst server: set endpoint: region not found on region list.
2020-09-29 22:00:06,810 dt_send ERROR fqdn lookup: endpoint url is empty

Where can I set the endpoint?

Thanks!

duccio
L0 Member

More info...

Doing a

show system state filter-pretty cfg.device-telem

I obtain:

cfg.device-telem: {
  collect-now: {
    last-attempt: Tue Sep 29 22:03:16 CEST 2020,
    last-filename: PA_012801171939_dt_10.0.1_20200929_2004_NOW.tgz,
    last-request-id: 1601409794,
    last-success: Tue Sep 29 22:03:16 CEST 2020,
    latest-request-id: 1601409794,
    num-of-failed-attempts: 0,
    reason: N/A,
    status: N/A,
  },
  collect-now-canceled: 0x0,
  collect-now-progress: 0,
  collect-now-trigger: 0,
  collect-now-ts: 26690168,
  config-reload: 0x0,
  dest-server: {
    cacert: /tmp/capath/not-used,
    capath: /tmp/capath,
    client-cert: /opt/pancfg/mgmt/ssl/private/012801171939.crt,
    client-cert-path: /opt/pancfg/mgmt/ssl/private,
    client-cert-type: CRT,
    dest-server-ip: 0.0.0.0,
    endpoint: ,
    private-key: /opt/pancfg/mgmt/ssl/private/012801171939.key,
    region: europe,
    use-endpoint: True,
    use-lcaas-cert: False,
  },
  dest-server-ip: 0.0.0.0,
  enabled: True,
  intvl-resend-failed-count: 2,
  logging-services: {
    enabled: no,
    endpoint: ,
    region: americas,
  },
  minute-count: 0x89c3,
  region-list: {
    Americas: {
      endpoint: br-prd1.us.cdl.paloaltonetworks.com,
      region: Americas,
    },
    Europe: {
      endpoint: br-prd1.nl.cdl.paloaltonetworks.com,
      region: Europe,
    },
    UK: {
      endpoint: br-prd1.uk.cdl.paloaltonetworks.com,
      region: UK,
    },
  },
  schedule: {
    20-min-interval: {
      day_intvl: None,
      hour_intvl: None,
      minute_intvl: 0, 20, 40,
      name: 20-min-interval-schedule,
      type: minute,
    },
    4-hr-interval: {
      day_intvl: None,
      hour_intvl: 0, 4, 8, 12, 16, 20,
      minute_intvl: 7,
      name: 4-hr-interval-schedule,
      type: hour,
    },
    7-day-interval: {
      day_intvl: 0,
      hour_intvl: 1,
      minute_intvl: 7,
      name: 7-day-interval-schedule,
      type: day,
    },
  },
  schedule-list: {
    day: {
      7-day-interval: 7-day-interval,
    },
    hour: {
      4-hr-interval: 4-hr-interval,
    },
    minute: {
      20-min-interval: 20-min-interval,
    },
  },
  send-failed-count: 73,
  send-settings: {
    failed_retry_interval: 10,
    fqdn-interval: 10,
    interval: 60,
    max_failed_retries: 3,
    multi-send-per-hour: 0,
  },
  settings: {
    device-health-performance: yes,
    product-usage: yes,
    region: europe,
    status: Device Certificate is valid,
    threat-prevention: yes,
  },
  stats: {
    device-health-performance: {
      last-attempt: Tue Sep 29 23:47:04 CEST 2020,
      last-success: N/A,
      num-of-failed-attempts: 74,
      reason: CDL Receiver Destination URL Empty,
      status: failed,
    },
    product-usage: {
      last-attempt: Tue Sep 29 23:47:04 CEST 2020,
      last-success: N/A,
      num-of-failed-attempts: 74,
      reason: CDL Receiver Destination URL Empty,
      status: failed,
    },
    threat-prevention: {
      last-attempt: Tue Sep 29 23:47:04 CEST 2020,
      last-success: N/A,
      num-of-failed-attempts: 74,
      reason: CDL Receiver Destination URL Empty,
      status: failed,
    },
  },
  system-info: {
    minute-count: 0x43,
    timestamp: 2020/09/05 01:37:01,
  },
  username-required: {
    day: 0,
    hour: 0,
    man: 0,
    minute: 0,
    now: 0,
  },
}

tabner
L2 Linker

I have the same issue.

mdensley
L0 Member

Same issue for me too! It'd be nice to have TAC or PM chime in here on what the issue might be!

tabner
L2 Linker

FYI... I got mine working. Part of the issue is that there is a bug where the region being pushed from Panorama is set to "americas" instead of "Americas". I had to change it via CLI after doing a local override. You can check by:

show device-telemetry settings

If it shows "americas" then you have the issue and need to manually set it to Americas:

set deviceconfig system device-telemetry region Americas

You will have to do a local override first since Panorama is managing that setting prior.  Hope this helps.
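
The region mismatch described in the reply above can be checked offline against saved `show system state filter-pretty cfg.device-telem` output. This is an added example, not part of the original post and not Palo Alto Networks code; `parse_state` and `check_region` are hypothetical helper names, and it assumes the region lookup is an exact, case-sensitive match, as the fix above suggests.

```python
# Added example. SAMPLE is a trimmed excerpt of the state output posted
# earlier in this thread; the helper names are hypothetical.
SAMPLE = """\
cfg.device-telem: {
  dest-server: {
    endpoint: ,
    region: europe,
  },
  region-list: {
    Americas: {
      endpoint: br-prd1.us.cdl.paloaltonetworks.com,
    },
    Europe: {
      endpoint: br-prd1.nl.cdl.paloaltonetworks.com,
    },
  },
}
"""

def parse_state(text):
    """Turn the brace-nested 'key: value,' dump into nested dicts."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.strip().rstrip(",")
        if line == "}":
            if len(stack) > 1:
                stack.pop()
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank or unrecognised line
        if value.strip() == "{":
            stack[-1][key.strip()] = child = {}
            stack.append(child)
        else:
            stack[-1][key.strip()] = value.strip()
    return stack[0]

def check_region(state):
    """Assumption: the lookup into region-list is an exact string match."""
    telem = state["cfg.device-telem"]
    configured = telem["dest-server"]["region"]
    regions = telem["region-list"]
    if configured in regions:
        return ("ok", regions[configured]["endpoint"])
    for name in regions:  # same name, different letter case
        if name.lower() == configured.lower():
            return ("case-mismatch", name)
    return ("unknown-region", None)
```

On the excerpt above, `check_region(parse_state(SAMPLE))` reports a case mismatch against `Europe`, which is consistent with the empty `endpoint` under `dest-server`.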

mdensley
L0 Member

My issue was related to the type of support license that was assigned to my firewall. I had to have that fixed by the licensing folks. The error message was 100% unrelated to my real issue. Seems like only one error message exists that gets displayed regardless of what the true underlying issue is.
