Logs not been sent to dedicated log collector by some firewalls

cancel
Showing results for 
Search instead for 
Did you mean: 

Logs not been sent to dedicated log collector by some firewalls

L1 Bithead

Hi All,

 

I have an interesting issue of most of my firewalls not sending logs to the log collector. Have only a 20% success ratio with successful log collection thus far.

 

I see the below in the below:

 

Log Collector           : 000710004755

Conn ID                 : lr-10.95.87.8-2

Connection IP           :  10.95.87.8

Conn Source IP          : lr - def

High speed mode         :    Disabled

Connection Status       : lr - Inactive

DNS                    :

                    msg : Successfully resolved FQDN for connid (lr-10.95.87.8-2-def), IP (10.95.87.8)

                 status :     success

              timestamp : 2022/06/01 21:13:31

 

Registration           :

                    msg :            

                 status :            

              timestamp :            

 

SSL                    :

                    msg :            

                 status :            

              timestamp :            

 

TCP                    :

                    msg : Failed to connect to server: 10.95.87.8

                 status :     failure

              timestamp : 2022/06/01 21:15:39

 

Conn Uptime             :           0

Re-conn Count           :           0

 

Rate                    :  0 logs/sec

 

Connection to the log collector fails. Anybody encountered this before? As I have opened ports for communication between devices.

 

Thanks.

6 REPLIES 6

Community Team Member

Hi @Tobi_Babatunde ,

 

From the FW management interface can you ping the log collector IP? 

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Hi Jay,

Yes I can ping it.

Thanks.



L6 Presenter

Hello @Tobi_Babatunde

 

could you give more details about your environment? Are you using distributed environment with dedicated log collectors? If you are having an issue with a single log collector only, then first thing I would be looking into is health of that log collector and log files from CLI of log collector to see errors: tail lines 200 mp-log ms.log

 

Kind Regards

Pavel 

Help the community: Like helpful comments and mark solutions.

L1 Bithead

Hi @PavelK, thanks for responding. It's a singular log collector. Have a new problem now, downgraded my panorama management server and log collector to 10.1.5-h2 thinking I was hitting a bug somewhere, now, my log collector is not even connecting to Panorama.

 

Thanks.

 

L6 Presenter

Thank you for response @Tobi_Babatunde and sorry to hear that.

 

To be honest, if you ended up in this state after downgrade, opening a TAC ticket would be better place to address this issue.

Personally, if there is no error message about log collector in Panorama other than "disconnected" status, I would try to reload the log collector and check system logs in Panorama as well as logs from CLI: "tail lines 200 mp-log ms.log" in Panorama as well as log collector whether it can uncover the root cause for disconnection.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

L1 Bithead

Hi All,

 

Took the hard decision to rebuild the log collector and now can connect to panorama.

 

Thanks for the help.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!