Logging stopped in Pan OS GUI

bino150 · ‎07-08-2014

Hi all,

We had an issue today where we noticed the logging data stopped displaying in the Pan OS GUI (PA-500).. One thing we noticed is after committing a config change, it looks like the firewall was in the process of doing a sync with the backup device. I assume to resolve this problem we need to restart the dataplane? I'm surprised it allowed the commit to occur if a sync was in progress.

Bryan

HULK · ‎07-08-2014

Hello Bino,

Yes, you can run those 2 commands while the FW is UP. It would not impact to the data-plane traffic ( user's traffic through PAN firewall), because daemons are running on Management-plane. For safer side, you may restart log-receiver and management server process after the business hrs.

Thanks

View solution in original post

pulukas · ‎07-08-2014

Logging is handled by the log receiver.

> debug software restart log-receiver

You can check statistics here to see which are not working.

>debug log-receiver statistics

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

HULK · ‎07-08-2014

Hello Bino,

Could you please check below mentioned command:

> show logging-status >>>>>>>>> Check last forwarded logs date and time

> debug log-receiver statistics ------ check if below mentioned counters are incrementing

Log Forward discarded (queue full) count: 0 >>>>

Log Forward discarded (send error) count: 0 >>>>

>debug software restart log-receiver

if no change still;

>debug software restart management-server ---- after applying this command, wait for a few minutes. It will log you out from CLI and GUI.

Thanks

bino150 · ‎07-08-2014

Thanks Guys,

I assume the debug software restart log-receiver can be done while the firewall is up? We were thinking of waiting until after business hours do this. Any idea what would cause this issue? I assume maybe it was committing a change at the same time as the sync.

HULK · ‎07-08-2014

Hello Bino,

Yes, you can run those 2 commands while the FW is UP. It would not impact to the data-plane traffic ( user's traffic through PAN firewall), because daemons are running on Management-plane. For safer side, you may restart log-receiver and management server process after the business hrs.

Thanks

View solution in original post

bino150 · ‎07-08-2014

Thanks Hulk

HULK · ‎07-08-2014

You are welcome. :smileyhappy:

bino150 · ‎07-08-2014

Hulk we still seem to have an issue. I ran both debug software restart log-receiver which did not resolve the issue. Same with debug software restart management-server.

if I run debug log-receiver statistics I get the following error see dagger log. Do I need to do this plugged in to the cli port directly. I'm doign this via telnet from my workstation on the LAN.

HULK · ‎07-08-2014

Hello Bino,

If you restart the management-server daemon, you have to wait for a few minutes. It will automatically log out from CLI (SSH), since SSH/web-UI is managed by mgmt-server process. So, please re-login into the PAN firewall and then check with CLI command >debug log-receiver statistics

Thanks

bino150 · ‎07-08-2014

Just logged in again and the error is still coming up. its been a few minutes now,

debug log-receiver statisitcs

Server error: An error occurred. See dagger.log for information.

Logging stopped in Pan OS GUI