Firewall is not forwarding logs to the Syslog server

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Firewall is not forwarding logs to the Syslog server

L3 Networker

Hi everyone! 

 

I am kind of bummed on why my syslog configuration is not taking effect.

 

I have 2 pairs of firewall, PRD(2 firewalls) and DR(2 firewalls). Both are in HA setup and managed by Panorama. My syslog configuration in DR and PRD are just the same. Same server, same settings. For some reason, the syslog in my PRD is not working. So mysterious.

I checked the CLI and it appears it is indeed listening on port 514. My PRD Firewalls are new ones coz I migrated from JUNOS to PANOS.

I use my management for my syslog forwarding. 

Is there any thing I missed?

I did everything here correctly: https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/use-syslog-for-monitoring/conf...

 

You can see the output of my checking on the PDF File attached.

 

Thank you guys in advance! 

3 REPLIES 3

Cyber Elite
Cyber Elite

Hello @renzanjo11 

 

from screen shots you provided your configuration looks correct.

 

Could you try to restart management service: debug software restart process management-server. Management service will also restart log receiver service. If it still does not work after management process restart could you please share PAN-OS version firewall is running? Could you also take pcap on management interface?

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

Hi @PavelK ,

 

Pcap on the management interface means TCPdump right?

If yes, I also included that on my attachment. the image below the syslog forwarding profile configuration.

 

Regards,

Renz

Cyber Elite
Cyber Elite

Hello @renzanjo11

 

thank you for reply.

 

From the output of tcpdump it looks like that syslog traffic is being sent out. Are you able to confirm that your syslog server is receiving traffic? Is there any Firewall / ACL in between?

 

Kind Regards

Pavel 

Help the community: Like helpful comments and mark solutions.
  • 607 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!