06-01-2022 06:37 PM
Hi All,
I have an interesting issue of most of my firewalls not sending logs to the log collector. Have only a 20% success ratio with successful log collection thus far.
I see the below in the below:
Log Collector : 000710004755
Conn ID : lr-10.95.87.8-2
Connection IP : 10.95.87.8
Conn Source IP : lr - def
High speed mode : Disabled
Connection Status : lr - Inactive
DNS :
msg : Successfully resolved FQDN for connid (lr-10.95.87.8-2-def), IP (10.95.87.8)
status : success
timestamp : 2022/06/01 21:13:31
Registration :
msg :
status :
timestamp :
SSL :
msg :
status :
timestamp :
TCP :
msg : Failed to connect to server: 10.95.87.8
status : failure
timestamp : 2022/06/01 21:15:39
Conn Uptime : 0
Re-conn Count : 0
Rate : 0 logs/sec
Connection to the log collector fails. Anybody encountered this before? As I have opened ports for communication between devices.
Thanks.
06-01-2022 07:07 PM
Hi @Tobi_Babatunde ,
From the FW management interface can you ping the log collector IP?
06-01-2022 07:25 PM - edited 06-01-2022 07:42 PM
Hi Jay,
Yes I can ping it.
Thanks.
06-08-2022 02:56 PM
Hello @Tobi_Babatunde
could you give more details about your environment? Are you using distributed environment with dedicated log collectors? If you are having an issue with a single log collector only, then first thing I would be looking into is health of that log collector and log files from CLI of log collector to see errors: tail lines 200 mp-log ms.log
Kind Regards
Pavel
06-08-2022 04:48 PM
Hi @PavelK, thanks for responding. It's a singular log collector. Have a new problem now, downgraded my panorama management server and log collector to 10.1.5-h2 thinking I was hitting a bug somewhere, now, my log collector is not even connecting to Panorama.
Thanks.
06-08-2022 09:34 PM
Thank you for response @Tobi_Babatunde and sorry to hear that.
To be honest, if you ended up in this state after downgrade, opening a TAC ticket would be better place to address this issue.
Personally, if there is no error message about log collector in Panorama other than "disconnected" status, I would try to reload the log collector and check system logs in Panorama as well as logs from CLI: "tail lines 200 mp-log ms.log" in Panorama as well as log collector whether it can uncover the root cause for disconnection.
Kind Regards
Pavel
06-27-2022 06:37 AM
Hi All,
Took the hard decision to rebuild the log collector and now can connect to panorama.
Thanks for the help.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
