10-28-2024 07:22 AM
I have to be missing something simple for forwarding logs to a collection server. I can get the traffic logs, no issues, but all the other logs will not send (Threat, Wildfire...). Do the other logs need some kind of special forwarding, or permissions in the OS? I have all the log types set in one section of the Objects->Log Forward, and I am also sending via UDP 514.
To me all should be good, since I can see and get the Traffic logs with no issues, but no other logs will come through. Just an odd issue for me.
PA-820 with 10.0.2 OS.
10-28-2024 02:48 PM
Hello @DavidSink
Thanks for posting!
The PAN-OS 10.0 you are running is end of life. I would recommend following the upgrade path to at least 10.1: Determine the Upgrade Path to PAN-OS 10.1 or newer.
There is no special configuration for threat logs. Could you confirm you can see logs locally on the firewall? Could you check point No. 4 of this KB: How to troubleshoot firewall or Panorama log queue issues? Could you also try restarting the logging service: "debug software restart log-receiver"?
Kind Regards
Pavel
10-29-2024 11:28 AM
Thanks Pavel, I went through the info, and nothing worked. I did, however, do a bit of digging through some commands, and found an issue maybe. When I ran "debug log-receiver fwd show" thinking I would maybe see an error or oddity, it replied "Log fwding from log receiver is not enabled". Does this mean that forwarding is turned off, so all the logs with the exception of traffic will not go outbound? If that is true and forwarding is off, then how/why does the traffic log go out?
About the OS, we have new devices with the newest OS ready to get racked, but want to get this going so we do not have a bunch of junk in a clean install.
Dave
11-05-2024 05:16 PM
Hello @DavidSink
Thank you for the reply.
The message you got looks like expected. I checked the same on multiple firewalls that are sending logs without any issue and got the same output.
- Could you try to restart the management process: How to Restart the Management server "mgmtsrvr" Process?
- Are you using any log forwarding filter under: Object > Log Forwarding > [Profile Name] > Log Type Threat > Filter?
Kind Regards
Pavel
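
A collector-side check for the symptom discussed in this thread, as an added example that is not part of any reply above and not Palo Alto Networks code: it tallies received syslog datagrams by log type so you can tell whether Threat entries never reach the server or arrive and are dropped later. It assumes the default PAN-OS syslog format (type at comma-separated field index 3, subtype at index 4); the sample datagrams, host name and serial number are constructed.

```python
import csv
import socket
import time
from collections import Counter

# Assumption: default PAN-OS syslog format, where the comma-separated field at
# index 3 is the log type (TRAFFIC, THREAT, ...) and index 4 is the subtype.
# WildFire entries are assumed to arrive as type THREAT, subtype "wildfire".
TYPE_IDX, SUBTYPE_IDX = 3, 4

# Constructed sample datagrams (not captured from a real firewall).
SAMPLES = [
    b"<14>Oct 28 07:22:01 fw01 1,2024/10/28 07:22:01,000000000000,TRAFFIC,end,2305,x",
    b"<14>Oct 28 07:22:02 fw01 1,2024/10/28 07:22:02,000000000000,TRAFFIC,start,2305,x",
    b"<14>Oct 28 07:22:03 host01 unrelated message",
]

def parse_type(datagram):
    """Return (type, subtype) for one syslog datagram, or None if it does not fit."""
    text = datagram.decode("utf-8", errors="replace").strip()
    fields = next(csv.reader([text]), [])
    if len(fields) <= SUBTYPE_IDX:
        return None
    return fields[TYPE_IDX].strip().upper(), fields[SUBTYPE_IDX].strip().lower()

def tally(datagrams):
    """Count datagrams per (type, subtype); unparseable ones are counted too."""
    return Counter(parse_type(d) or ("UNPARSED", "") for d in datagrams)

def missing_types(counts, expected=("TRAFFIC", "THREAT")):
    """List expected log types that never showed up in the tally."""
    seen = {log_type for log_type, _ in counts}
    return [t for t in expected if t not in seen]

def collect(port=514, seconds=60, host="0.0.0.0"):
    """Receive UDP syslog for a fixed window (binding to 514 usually needs root)."""
    received, deadline = [], time.monotonic() + seconds
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        sock.settimeout(1.0)
        while time.monotonic() < deadline:
            try:
                received.append(sock.recvfrom(65535)[0])
            except socket.timeout:
                continue
    return received

if __name__ == "__main__":
    counts = tally(SAMPLES)  # swap in collect() on the collection server
    print(dict(counts), "missing:", missing_types(counts))
```

Stop the existing syslog daemon before running `collect()` on the same port, and generate a test threat event during the capture window so an empty THREAT count is meaningful.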