No logs on PA-200

Reply
Highlighted
L1 Bithead

No logs on PA-200

I have inherited a PA-200 and recently just upgraded it to PAN-OS 8.1 and installed it. I have activated the licenses and subscriptions committed changes and reboot the device, but i am getting no logs at all with the exception of system logs.

 

Have i missed something or are there bigger issues going on?

Highlighted
L2 Linker

Re: No logs on PA-200

Have you created any rules and or enabled loging at "session start/end" ?

 

Do you have traffic passing through the device ?

 

You can also enable logging for "intrazone-default" which is great for troubleshooting. 

 

 

 

Highlighted
L1 Bithead

Re: No logs on PA-200

@NehmaanYes I have 2 security rules one inbound from internet and one outbound to the internet. I have also enabled logging on the intrazone and interzone rules. Still getting no logs except system logs.

 

Even when I check the CLI to see if it is writing to the box but not appearing in the GUI it doesn't have logs there.

Highlighted
L2 Linker

Re: No logs on PA-200

Can you run the commands from CLI: 

 

debug log-receiver statistics

 

debug log-receiver on debug

tail follow yes mp-log logrcvr.log

 

Highlighted
L1 Bithead

Re: No logs on PA-200

Here is the out put from those commands

 

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2020.01.08 08:50:39 =~=~=~=~=~=~=~=~=~=~=~=
debug log-receiver statistics
[?1h=
Logging statistics
------------------------------ -----------
Log incoming rate:             0/sec
Log written rate:              0/sec
Corrupted packets:             0
Corrupted URL packets:         0
Corrupted HTTP HDR packets:    0
Corrupted HTTP HDR Insert packets: 0
Corrupted EMAIL HDR packets:   0
Logs discarded (queue full):   0
Traffic logs written:          0
GTP logs written:              0
Tunnel logs written:           0
Auth logs written:             0
Userid logs written:           0
SCTP logs written:             0
URL logs written:              0
Wildfire logs written:         0
Anti-virus logs written:       0
Widfire Anti-virus logs written: 0
Spyware logs written:          0
Spyware-DNS logs written:      0
lines 1-23 Attack logs written:           0
Vulnerability logs written:    0
Fileext logs written:          0
Fileext logs URL not written:  0
Fileext logs URL not written (timedout): 0
URL cache age out count:       0
URL cache full count:          0
URL cache key exist count:     0
URL cache wrt incomplete http hdrs count: 0
URL cache rcv http hdr before url count: 0
URL cache full drop count(url log not received): 0
URL cache age out drop count(url log not received): 0
Email hdr cache count:         0
Email hdr cache hit count:     0
HTTP hdr insertion received:   0
HTTP hdr insertion processed:  0
HTTP hdr insert no URL drop count: 0
HTTP hdr insert with invalid URL log: 0
HTTP hdr insert with values exceeded max allowed length: 0
Traffic alarms dropped due to sysd write failures: 0
Traffic alarms dropped due to global rate limiting: 0
Traffic alarms dropped due to each source rate limiting: 0
Traffic alarms generated count:  0
lines 24-46 Netflow incoming count:        0
Log Forward count:             0
Log Forward discarded (queue full) count: 0
Log Forward discarded (send error) count: 0
Total logs not written due to disk unavailability: 0
Logs not written since disk became unavailable: 0
DPI logs received:             0
HIP Report logs received:      0

Summary Statistics:
Num current entries in trsum:0
Num cumulative entries in trsum:0
Num current entries in thsum:0
Num cumulative entries in thsum:0
Num current entries in urlsum:0
Num cumulative entries in urlsum:0
Num current entries in gtpsum:0
Num cumulative entries in gtpsum:0
Num current entries in sctpsum:0
Num cumulative entries in sctpsum:0
Num current drop entries in trsum:0
Num cumulative drop entries in trsum:0
Num current drop entries in thsum:0
lines 47-69 Num cumulative drop entries in thsum:0
Num current drop entries in urlsum:0
Num cumulative drop entries in urlsum:0
Num current drop entries in gtpsum:0
Num cumulative drop entries in gtpsum:0
Num current drop entries in sctpsum:0
Num cumulative drop entries in sctpsum:0

External Forwarding stats:
      Type  Enqueue Count     Send Count     Drop Count    Queue Depth     Send 
Rate(last 1min)
    syslog              0              0              0              0          
              0
      snmp              0              0              0              0          
              0
     email              0              0              0              0          
              0
       raw              0              0              0              0          
              0
      http              0              0              0              0          
              0
   autotag              0              0              0              0          
              0
lines 70-85 
[?1l>admin@PA-200> debug 
admin@PA-200> debug log-receiver 
admin@PA-200> debug log-receiver on 
admin@PA-200> debug log-receiver on debug
[?1h=
debug:on level:debug

[?1l>admin@PA-200> tail 
admin@PA-200> tail follow 
admin@PA-200> tail follow yes 
admin@PA-200> tail follow yes mp-log 
admin@PA-200> tail follow yes mp-log logrcvr.log
2020-01-08 08:01:45.896 +1100 Warning:  _pan_sigdb_get_hash(pan_sigdb.c:1819): failed to get avinfo db
2020-01-08 08:01:45.905 +1100 Warning:  pan_sigdb_get_idsev_map(pan_sigdb.c:1295): /opt/pancfg/mgmt/global/wpc.xml.sev doesn't exist
2020-01-08 08:01:45.905 +1100 Warning:  _pan_sigdb_get_hash(pan_sigdb.c:1835): failed to get wpc idsev map
2020-01-08 08:01:45.905 +1100 Warning:  pan_sigdb_get_wpcdb(pan_sigdb.c:1461): /opt/pancfg/mgmt/global/wpc.xml.db doesn't exist
2020-01-08 08:01:45.905 +1100 Warning:  _pan_sigdb_get_hash(pan_sigdb.c:1839): failed to get wpcinfo db
2020-01-08 08:01:51.242 +1100 Error:  _init_cache_handles(pan_sigdb.c:1593): Error getting dbfilename for db_type:1
2020-01-08 08:01:51.243 +1100 Error:  pan_sigdb_enable_cache_handles(pan_sigdb.c:4006): Error initializing cache handles for db_type:AV
2020-01-08 08:01:51.244 +1100 Error:  _init_cache_handles(pan_sigdb.c:1593): Error getting dbfilename for db_type:3
2020-01-08 08:01:51.244 +1100 Error:  pan_sigdb_enable_cache_handles(pan_sigdb.c:4006): Error initializing cache handles for db_type:WPC
2020-01-08 08:51:18.571 +1100 Process 1 logs in 0 sec
2020-01-08 08:52:04.021 +1100 debug: pan_logrcvr_update_time(pan_log_receiver.c:3533): Calling malloc_trim(0) now.
2020-01-08 08:53:04.621 +1100 debug: pan_logrcvr_update_time(pan_log_receiver.c:3533): Calling malloc_trim(0) now.
^Cadmin@PA-200> 
Highlighted
L2 Linker

Re: No logs on PA-200

Interesting!

 

Give the daemon a restart: 

debug software restart process log-receiver

 

Also take a look at the following links, They might help:

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmA4CAK

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClozCAC

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!