I have an interesting issue of most of my firewalls not sending logs to the log collector. Have only a 20% success ratio with successful log collection thus far.
I see the below in the below:
Log Collector : 000710004755
Conn ID : lr-10.95.87.8-2
Connection IP : 10.95.87.8
Conn Source IP : lr - def
High speed mode : Disabled
Connection Status : lr - Inactive
msg : Successfully resolved FQDN for connid (lr-10.95.87.8-2-def), IP (10.95.87.8)
status : success
timestamp : 2022/06/01 21:13:31
msg : Failed to connect to server: 10.95.87.8
status : failure
timestamp : 2022/06/01 21:15:39
Conn Uptime : 0
Re-conn Count : 0
Rate : 0 logs/sec
Connection to the log collector fails. Anybody encountered this before? As I have opened ports for communication between devices.
Hi @Tobi_Babatunde ,
From the FW management interface can you ping the log collector IP?
could you give more details about your environment? Are you using distributed environment with dedicated log collectors? If you are having an issue with a single log collector only, then first thing I would be looking into is health of that log collector and log files from CLI of log collector to see errors: tail lines 200 mp-log ms.log
Thank you for response @Tobi_Babatunde and sorry to hear that.
To be honest, if you ended up in this state after downgrade, opening a TAC ticket would be better place to address this issue.
Personally, if there is no error message about log collector in Panorama other than "disconnected" status, I would try to reload the log collector and check system logs in Panorama as well as logs from CLI: "tail lines 200 mp-log ms.log" in Panorama as well as log collector whether it can uncover the root cause for disconnection.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!