01-05-2020 06:06 PM - edited 01-05-2020 06:06 PM
I have inherited a PA-200 and recently just upgraded it to PAN-OS 8.1 and installed it. I have activated the licenses and subscriptions, committed changes and rebooted the device, but I am getting no logs at all with the exception of system logs.
Have I missed something or are there bigger issues going on?
01-05-2020 11:57 PM
Have you created any rules and/or enabled logging at "session start/end"?
Do you have traffic passing through the device?
You can also enable logging for "intrazone-default" which is great for troubleshooting.
01-06-2020 01:35 PM
@Nehmaan Yes, I have 2 security rules, one inbound from internet and one outbound to the internet. I have also enabled logging on the intrazone and interzone rules. Still getting no logs except system logs.
Even when I check the CLI to see if it is writing to the box but not appearing in the GUI, it doesn't have logs there.
01-07-2020 12:18 AM
Can you run the commands from CLI:
debug log-receiver statistics
debug log-receiver on debug
tail follow yes mp-log logrcvr.log
01-07-2020 01:57 PM
Here is the output from those commands
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2020.01.08 08:50:39 =~=~=~=~=~=~=~=~=~=~=~=
debug log-receiver statistics
Logging statistics
------------------------------ -----------
Log incoming rate: 0/sec
Log written rate: 0/sec
Corrupted packets: 0
Corrupted URL packets: 0
Corrupted HTTP HDR packets: 0
Corrupted HTTP HDR Insert packets: 0
Corrupted EMAIL HDR packets: 0
Logs discarded (queue full): 0
Traffic logs written: 0
GTP logs written: 0
Tunnel logs written: 0
Auth logs written: 0
Userid logs written: 0
SCTP logs written: 0
URL logs written: 0
Wildfire logs written: 0
Anti-virus logs written: 0
Widfire Anti-virus logs written: 0
Spyware logs written: 0
Spyware-DNS logs written: 0
Attack logs written: 0
Vulnerability logs written: 0
Fileext logs written: 0
Fileext logs URL not written: 0
Fileext logs URL not written (timedout): 0
URL cache age out count: 0
URL cache full count: 0
URL cache key exist count: 0
URL cache wrt incomplete http hdrs count: 0
URL cache rcv http hdr before url count: 0
URL cache full drop count(url log not received): 0
URL cache age out drop count(url log not received): 0
Email hdr cache count: 0
Email hdr cache hit count: 0
HTTP hdr insertion received: 0
HTTP hdr insertion processed: 0
HTTP hdr insert no URL drop count: 0
HTTP hdr insert with invalid URL log: 0
HTTP hdr insert with values exceeded max allowed length: 0
Traffic alarms dropped due to sysd write failures: 0
Traffic alarms dropped due to global rate limiting: 0
Traffic alarms dropped due to each source rate limiting: 0
Traffic alarms generated count: 0
Netflow incoming count: 0
Log Forward count: 0
Log Forward discarded (queue full) count: 0
Log Forward discarded (send error) count: 0
Total logs not written due to disk unavailability: 0
Logs not written since disk became unavailable: 0
DPI logs received: 0
HIP Report logs received: 0
Summary Statistics:
Num current entries in trsum:0
Num cumulative entries in trsum:0
Num current entries in thsum:0
Num cumulative entries in thsum:0
Num current entries in urlsum:0
Num cumulative entries in urlsum:0
Num current entries in gtpsum:0
Num cumulative entries in gtpsum:0
Num current entries in sctpsum:0
Num cumulative entries in sctpsum:0
Num current drop entries in trsum:0
Num cumulative drop entries in trsum:0
Num current drop entries in thsum:0
Num cumulative drop entries in thsum:0
Num current drop entries in urlsum:0
Num cumulative drop entries in urlsum:0
Num current drop entries in gtpsum:0
Num cumulative drop entries in gtpsum:0
Num current drop entries in sctpsum:0
Num cumulative drop entries in sctpsum:0
External Forwarding stats:
Type      Enqueue Count  Send Count  Drop Count  Queue Depth  Send Rate(last 1min)
syslog    0              0           0           0            0
snmp      0              0           0           0            0
email     0              0           0           0            0
raw       0              0           0           0            0
http      0              0           0           0            0
autotag   0              0           0           0            0
admin@PA-200> debug log-receiver on debug
debug:on level:debug
admin@PA-200> tail follow yes mp-log logrcvr.log
2020-01-08 08:01:45.896 +1100 Warning: _pan_sigdb_get_hash(pan_sigdb.c:1819): failed to get avinfo db
2020-01-08 08:01:45.905 +1100 Warning: pan_sigdb_get_idsev_map(pan_sigdb.c:1295): /opt/pancfg/mgmt/global/wpc.xml.sev doesn't exist
2020-01-08 08:01:45.905 +1100 Warning: _pan_sigdb_get_hash(pan_sigdb.c:1835): failed to get wpc idsev map
2020-01-08 08:01:45.905 +1100 Warning: pan_sigdb_get_wpcdb(pan_sigdb.c:1461): /opt/pancfg/mgmt/global/wpc.xml.db doesn't exist
2020-01-08 08:01:45.905 +1100 Warning: _pan_sigdb_get_hash(pan_sigdb.c:1839): failed to get wpcinfo db
2020-01-08 08:01:51.242 +1100 Error: _init_cache_handles(pan_sigdb.c:1593): Error getting dbfilename for db_type:1
2020-01-08 08:01:51.243 +1100 Error: pan_sigdb_enable_cache_handles(pan_sigdb.c:4006): Error initializing cache handles for db_type:AV
2020-01-08 08:01:51.244 +1100 Error: _init_cache_handles(pan_sigdb.c:1593): Error getting dbfilename for db_type:3
2020-01-08 08:01:51.244 +1100 Error: pan_sigdb_enable_cache_handles(pan_sigdb.c:4006): Error initializing cache handles for db_type:WPC
2020-01-08 08:51:18.571 +1100 Process 1 logs in 0 sec
2020-01-08 08:52:04.021 +1100 debug: pan_logrcvr_update_time(pan_log_receiver.c:3533): Calling malloc_trim(0) now.
2020-01-08 08:53:04.621 +1100 debug: pan_logrcvr_update_time(pan_log_receiver.c:3533): Calling malloc_trim(0) now.
^Cadmin@PA-200>
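Added example, not part of any post in this thread and not Palo Alto Networks code: a small Python parser for a PuTTY capture of `debug log-receiver statistics` that strips the pager's terminal escapes and separates "nothing received" from "received but dropped". The sample input is constructed from counter names shown in the output above, and the choice of which counters are treated as drops is an assumption.

```python
import re

# VT100 control sequences and pager markers that a PuTTY session log captures.
ANSI = re.compile(r"\x1b\[[0-9;?]*[A-Za-z]|\x1b[=>]")
PAGER = re.compile(r"lines \d+-\d+ ")
COUNTER = re.compile(r"^\s*(.+?):\s*(\d+)(?:/sec)?\s*$")

# Assumption: these counters indicate logs that arrived but were lost.
DROP_COUNTERS = (
    "Logs discarded (queue full)",
    "Corrupted packets",
    "Total logs not written due to disk unavailability",
)

def parse_counters(raw):
    """Return {counter name: int} from 'debug log-receiver statistics' output."""
    counters = {}
    for line in PAGER.sub("", ANSI.sub("", raw)).splitlines():
        m = COUNTER.match(line)
        if m:
            counters[m.group(1).strip()] = int(m.group(2))
    return counters

def triage(c):
    """List non-zero drop counters, or report that nothing arrived at all."""
    findings = [f"{n} = {c[n]}" for n in DROP_COUNTERS if c.get(n, 0) > 0]
    received = c.get("Log incoming rate", 0) or c.get("Traffic logs written", 0)
    if not received and not findings:
        findings.append("nothing received, nothing dropped")
    return findings

# Constructed sample: a shortened capture with the escape bytes PuTTY records.
SAMPLE = (
    "\x1b[?1h\x1b=\x1b[24;1H\x1b[K\n"
    "Logging statistics\n"
    "------------------------------ -----------\n"
    "Log incoming rate: 0/sec\n"
    "Log written rate: 0/sec\n"
    "Corrupted packets: 0\n"
    "Logs discarded (queue full): 0\n"
    "Traffic logs written: 0\n"
    "\x1b[24;1H\x1b[K\x1b[7mlines 1-23 \x1b[27m\x1b[24;1H\x1b[24;1H\x1b[KAttack logs written: 0\n"
    "Total logs not written due to disk unavailability: 0\n"
    "Num current entries in trsum:0\n"
)

if __name__ == "__main__":
    print(triage(parse_counters(SAMPLE)))
```
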
01-07-2020 02:10 PM
Interesting!
Give the daemon a restart:
debug software restart process log-receiver
Also take a look at the following links; they might help:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmA4CAK
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClozCAC