Firewall is not forwarding logs to the Syslog server


L3 Networker

Hi everyone! 

 

I am kind of bummed on why my syslog configuration is not taking effect.

 

I have 2 pairs of firewalls, PRD (2 firewalls) and DR (2 firewalls). Both are in HA setup and managed by Panorama. My syslog configuration in DR and PRD are just the same. Same server, same settings. For some reason, the syslog in my PRD is not working. So mysterious.

I checked the CLI and it appears it is indeed listening on port 514. My PRD Firewalls are new ones coz I migrated from JUNOS to PANOS.

I use my management for my syslog forwarding. 

Is there anything I missed?

I did everything here correctly: https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/use-syslog-for-monitoring/conf...

 

You can see the output of my checking on the PDF File attached.

 

Thank you guys in advance! 

1 REPLY

L0 Member

Hello,


@renzanjo11 wrote:

Hi everyone! 

 

I am kind of bummed on why my syslog configuration is not taking effect.

 

I have 2 pairs of firewalls, PRD (2 firewalls) and DR (2 firewalls). Both are in HA setup and managed by Panorama. My syslog configuration in DR and PRD are just the same. Same server, same settings. For some reason, the syslog in my PRD is not working. So mysterious.

I checked the CLI and it appears it is indeed listening on port 514. My PRD Firewalls are new ones coz I migrated from JUNOS to PANOS.

I use my management for my syslog forwarding. 

Is there anything I missed?

I did everything here correctly: https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/use-syslog-for-monitoring/conf...

 

You can see the output of my checking on the PDF File attached.

 

Thank you guys in advance! 


Troubleshooting Syslog Configuration on Palo Alto Firewalls

Understanding the Issue:

You've configured syslog identically on two pairs of firewalls (PRD and DR) managed by Panorama, but only one pair (DR) is sending logs successfully. This inconsistency is puzzling.

Potential Causes and Troubleshooting Steps:

1. Syslog Server Configuration:

  • Verify server accessibility: Ensure the syslog server is reachable from both PRD and DR firewalls. Test connectivity using tools like ping or telnet.
  • Check firewall rules: Verify that no firewall rules on the syslog server or firewalls are blocking syslog traffic (usually on port 514).
  • Review syslog server configuration: Ensure the syslog server is configured to accept logs from both PRD and DR firewalls.

2. Palo Alto Firewall Configuration:

  • Verify syslog profile: Double-check the syslog server profile configuration on both PRD and DR firewalls for any discrepancies.
  • Check log forwarding settings: Ensure log forwarding is enabled and configured correctly for all desired log types.
  • Test with basic configuration: Create a simple syslog configuration with minimal settings to isolate the issue.

3. Network Connectivity:

  • Verify network connectivity: Ensure there are no network issues between the firewalls and the syslog server.
  • Check routing tables: Verify that routing is configured correctly for syslog traffic.

4. Panorama Configuration:

  • Review Panorama policies: Examine any Panorama policies that might affect syslog forwarding.
  • Check template configurations: Ensure that template configurations are applied consistently to both PRD and DR firewalls.

5. Log Verification:

  • Check syslog server logs: Look for any error messages or connection attempts from the PRD firewalls.
  • Enable debug logging: Temporarily enable debug logging on the PRD firewalls for more detailed information.

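Step 5 of the reply (look on the syslog server for connection attempts from the PRD firewalls) can be checked directly on the collector. The sketch below is an added example, not code from either post or from Palo Alto Networks: a small UDP listener that tallies datagrams per source IP and names the expected senders that stayed silent. The addresses, device names and loopback port are constructed for the demo, and it covers UDP transport only.

```python
import socket
import time

def parse_pri(datagram: bytes):
    """Return (facility, severity) from a leading <PRI>, or None if malformed."""
    if not datagram.startswith(b"<"):
        return None
    end = datagram.find(b">", 1, 5)          # PRI is 1-3 digits, so '>' is at index <= 4
    if end == -1 or not datagram[1:end].isdigit():
        return None
    pri = int(datagram[1:end])
    return (pri >> 3, pri & 7) if pri <= 191 else None

def collect(sock: socket.socket, seconds: float) -> dict:
    """Receive UDP datagrams for `seconds`; return {source_ip: [valid, malformed]}."""
    seen = {}
    deadline = time.monotonic() + seconds
    while (remaining := deadline - time.monotonic()) > 0:
        sock.settimeout(remaining)
        try:
            data, (ip, _port) = sock.recvfrom(65535)
        except socket.timeout:
            break
        counts = seen.setdefault(ip, [0, 0])
        counts[0 if parse_pri(data) is not None else 1] += 1
    return seen

def silent_senders(seen: dict, expected: dict) -> list:
    """Names of expected senders from which no datagram arrived at all."""
    return sorted(name for ip, name in expected.items() if ip not in seen)

if __name__ == "__main__":
    # Constructed loopback demo. On a real collector, bind the address and port
    # the firewalls' syslog server profile points at instead.
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx.sendto(b"<14>Jan  1 00:00:00 dr-fw1 constructed test message", rx.getsockname())
    # Constructed inventory: management IP -> device name (hypothetical values).
    expected = {"127.0.0.1": "dr-fw1", "192.0.2.10": "prd-fw1"}
    seen = collect(rx, 1.0)
    print("seen:", seen)
    print("silent:", silent_senders(seen, expected))
```

A firewall listed as silent never reached the collector at the packet level, which points at source interface, routing or filtering rather than at the syslog daemon's own parsing or accept rules.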