Log Forwarding - Traffic Works, Others Do Not


L0 Member

I have to be missing something simple for forwarding logs to a collection server. I can get the traffic logs, no issues, but all the other logs will not send (Threat, WildFire...). Do the other logs need some kind of special forwarding, or permissions in the OS? I have all the log types set in one section of the Objects->Log Forward, and I am also sending via UDP 514.

 

To me all should be good, since I can see and get the Traffic logs with no issues, but no other logs will come through. Just an odd issue for me.

 

PA-820 with 10.0.2 OS.


Cyber Elite

Hello @DavidSink

 

Thanks for posting!

 

The PAN-OS 10.0 you are running is end of life. I would recommend following the upgrade path to at least 10.1: Determine the Upgrade Path to PAN-OS 10.1 or newer.

 

There is no special configuration for threat logs. Could you confirm you can see the logs locally on the Firewall? Could you check point No. 4 of this KB: How to troubleshoot firewall or Panorama log queue issues? Could you also try restarting the logging service: "debug software restart log-receiver"?

 

Kind Regards

Pavel 

Help the community: Like helpful comments and mark solutions.

L0 Member

Thanks Pavel, I went through the info, and nothing worked. I did, however, do a bit of digging through some commands, and found an issue maybe. When I ran "debug log-receiver fwd show", thinking I would maybe see an error or oddity, it replied "Log fwding from log receiver is not enabled". Does this mean that forwarding is turned off, so all the logs with the exception of traffic will not go outbound? If that is true and forwarding is off, then how/why does the traffic log go out?

 

About the OS, we have new devices with the newest OS ready to get racked, but want to get this going so we do not have a bunch of junk in a clean install.

 

Dave

Cyber Elite

Hello @DavidSink

 

Thank you for the reply.

 

The message you got looks like expected. I checked the same in multiple Firewalls that are sending logs without any issue and got the same output.

 

- Could you try to restart the management process: How to Restart the Management server "mgmtsrvr" Process?

- Are you using any log forwarding filter under: Object > Log Forwarding > [Profile Name] > Log Type Threat > Filter?

 

Kind Regards

Pavel 


Thank you.
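
Added example, not part of the thread and not Palo Alto Networks code: a collector-side check that tallies received syslog messages by PAN-OS log type, to confirm which types actually arrive on UDP 514. It assumes the firewall uses the default (non-custom) syslog format, where the log type is the fourth comma-separated field; the sample lines and function names are constructed for illustration.

```python
import csv
import socket
from collections import Counter

# Constructed sample datagrams (not from the thread). Default PAN-OS layout:
# FUTURE_USE, receive time, serial number, type, subtype, ...
SAMPLE = [
    "<14>Jan 10 10:00:01 fw1 1,2024/01/10 10:00:01,000000000001,TRAFFIC,end,2049",
    "<14>Jan 10 10:00:02 fw1 1,2024/01/10 10:00:02,000000000001,TRAFFIC,start,2049",
    "<14>Jan 10 10:00:03 fw1 1,2024/01/10 10:00:03,000000000001,SYSTEM,general,0",
    "not a firewall log",
]

def log_type(message):
    """Return the PAN-OS log type (4th CSV field), or None if it does not parse."""
    try:
        fields = next(csv.reader([message]))
    except (csv.Error, StopIteration):
        return None
    if len(fields) < 5:
        return None
    # The syslog header contains no commas, so it stays inside field 0.
    return fields[3].strip().upper() or None

def tally(messages):
    """Count messages per log type; unparseable lines are counted separately."""
    counts = Counter()
    for msg in messages:
        counts[log_type(msg) or "UNPARSED"] += 1
    return counts

def missing(counts, expected=("TRAFFIC", "THREAT")):
    """List the expected log types that never arrived."""
    return [t for t in expected if counts[t] == 0]

def listen(host="0.0.0.0", port=514, limit=200):
    """Tally `limit` datagrams. Needs privileges for port 514 and the port free,
    so run it on a test listener or while the real collector is stopped."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    try:
        return tally(sock.recvfrom(65535)[0].decode("utf-8", "replace")
                     for _ in range(limit))
    finally:
        sock.close()

if __name__ == "__main__":
    seen = listen()
    print(dict(seen), "missing:", missing(seen))
```

If THREAT shows up as missing here while TRAFFIC is counted, the gap is on the firewall side (profile, filter, or attachment to rules) rather than in the collector's parsing.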
