- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
08-12-2024 01:50 AM
Hi everyone!
I am kind of bummed on why my syslog configuration is not taking effect.
I have 2 pairs of firewall, PRD(2 firewalls) and DR(2 firewalls). Both are in HA setup and managed by Panorama. My syslog configuration in DR and PRD are just the same. Same server, same settings. For some reason, the syslog in my PRD is not working. So mysterious.
I checked the CLI and it appears it is indeed listening on port 514. My PRD Firewalls are new ones coz I migrated from JUNOS to PANOS.
I use my management for my syslog forwarding.
Is there any thing I missed?
I did everything here correctly: https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/use-syslog-for-monitoring/conf...
You can see the output of my checking on the PDF File attached.
Thank you guys in advance!
08-12-2024 10:38 PM
Hello @renzanjo11
from screen shots you provided your configuration looks correct.
Could you try to restart management service: debug software restart process management-server. Management service will also restart log receiver service. If it still does not work after management process restart could you please share PAN-OS version firewall is running? Could you also take pcap on management interface?
Kind Regards
Pavel
08-19-2024 11:44 PM
Hi @PavelK ,
Pcap on the management interface means TCPdump right?
If yes, I also included that on my attachment. the image below the syslog forwarding profile configuration.
Regards,
Renz
08-20-2024 04:33 PM
Hello @renzanjo11
thank you for reply.
From the output of tcpdump it looks like that syslog traffic is being sent out. Are you able to confirm that your syslog server is receiving traffic? Is there any Firewall / ACL in between?
Kind Regards
Pavel
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!