Devices Stopped Sending Logs to Panorama

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Devices Stopped Sending Logs to Panorama

L4 Transporter

We have five (5) devices managed through Panorama. Two of them are still generating logs, while three of them have stopped sending logs. Please assist.

 

it the logs Stops to receive from the device and The traffic and threat logs can be viewed when looking directly on the firewalls, but are not visible on Panorama

 

It has noted that panorama could not able to receive logs from 800 series firewalls But panorama able to receive the logs from the 5k series firewall.


Appliance: M-200
Firmware Version: 8.1.7

6 REPLIES 6

Cyber Elite
Cyber Elite

is log forwarding enabled on those devices that are unable to send?

Is the panorama accessible from the firewalls?

 

what is the output for show logging-status?

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Thank you for the update,

  • all of sudden the firewall logs are stopped to receive on a panorama device.
  • It has noted that panorama could not able to receive logs from 800 series firewall.
  • But panorama able to receive the logs from the 5k series firewall.
  • Checked logs settings and forward settings, which is ok.
  • Panorama and all the firewalls are in the same network.
  • Panorama Disk space having enough space.

I have followed this article too.. but the issue remains the same.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFCCA0

Hi @Mohammed_Yasin,

 

what version are you currently running?

I experienced similar problems on Panorama 9.0.5 - after upgrading to 9.0.9h1 it's fine again.

Logs were forwarded to Panorama, but not processed correctly.

 

In addition: Please check on tcp/3978 if the traffic is correclty send to panorama

 

Regards

Chacko

Best Regards
Chacko

Thank you for the comment.

 

PAN-OS 8.1.7

any way you could give 8.1.15 a try, as .7 is already quite old and might have a bug?

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

I can see them from the device system monitor that,

 

( description contains 'Disconnected from Log collector Server: XX.XX.XX.X. , source: XX.XX.X.X' )

  • 5569 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!