This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

[need help]can't see new incoming logs after upgrading M-100 into 8.1.12

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

[need help]can't see new incoming logs after upgrading M-100 into 8.1.12

emr_1
L5 Sessionator

‎12-31-2019 06:44 AM

Originally my devices are:

-one M-100 with 7.1.10

-two PA-5020 (HA) with 7.1.10

-one PA-3050 with 7.1.9

all of three Palo Alto devices were registered to M-100 and forwarding logs were working fine.

 

I start upgrading M-100 first. 

From 7.1.10 to 8.0.20.

-upgrade is fine

-three devices are connecting after upgrade

-I know old format logs were not seen (as expected)... that's fine.

-new logs are seen on M-100

 

Next, when I upgrade M-100 from 8.0.20 to 8.1.12.

-upgrade is fine.

-three devices are connecting after upgrade

-[PROBLEM]I can't see new logs on M-100

-the output of 'show logging status' on both firewall and M-100 seems to be synched...which means the logs should be correctly forwarded to M-100

 

Anybody hit same issue?

What should I do to display new logs on M-100 v8.1.12 (all devices are v7.1.9 and v7.1.10 at this point)

 

Thank,

Emr

0 Likes Likes
2 REPLIES 2

S.Cantwell
Cyber Elite
Cyber Elite

‎12-31-2019 10:33 AM

There were many changes in the 8.1 in terms of features sets and how Panorama is seen/used.

In pre 8.1, the Panorama only came up in Legacy mode.  In 8.1, I believe there is now a mode call Panorama mode.

When you look at your Dashboard on Panorama, what does it say?

 

Also, I think (strongly believe!!!) that you should be upgrading FWs to 8.1 or higher.

Both 8.0 and 7.x are now considered out of support, so you may not be able to contact support for  resolving this.

 

What other questions can we answer for you?

 

 

Help the community: Like helpful comments and mark solutions

emr_1
L5 Sessionator
In response to S.Cantwell

‎01-01-2020 12:17 AM

@S.Cantwell 

Thanks for your reply.

My panorama is M-100, thus this only supports Panorama mode. (I believe Legacy mode is only for VM)

I'll share new findings today as below:::

 

I kept leaving my topology as I wrote above..today I found new logs from firewalls are stored to my M-100.

If I trace back my system log, start time of recording is at 0:00 GMT today.

 

Summarize my scenario:

 

Date Time(GMT) events

--------------------------------------

12/30 04:59 Management server started. Running version 8.1.12
12/30 05:02 Autocommit job succeeded
12/31 --:--
01/01 00:00 New logs start to be stored

 

The difference between upgrade is done and new logs are:

19hrs (rest of 30th)+24hrs(31st)=43hrs

 

Do you think this is expected behavior?

 

Note that I'm doing NOTHING to all of four (M-100 and three firewalls).

 

Regards,

Emr

0 Likes Likes
  • 4759 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks