09-02-2016 11:52 PM
So I just stood up a PA-VM-100 fw on an ESXi server and everything seems to work just fine, except I am not seeing Traffic, Threat, and URL logs under the Monitor tab in the WebGUI. I have spent the past 48 hours trying to figure this out, but to no avail. I tried restarting the log receiver servers and the management server, but no luck. I even added another 40GB HDD to give it enough space in case that could be an issue. At this point I'm not sure what could be wrong. Anyone, please help if you have seen/experienced a similar issue.
Below is the output from logrcvr.log
2016-09-03 02:36:56.025 -0400 pan_logrcvr_write exit
2016-09-03 02:36:57.945 -0400 stopping the logq thread
2016-09-03 02:36:57.945 -0400 waiting for the logq thread to join
2016-09-03 02:36:57.945 -0400 logq thread joined
2016-09-03 02:36:57.945 -0400 Got exit event over mplog_pipe[0]:19
2016-09-03 02:36:58.424 -0400 debug: pan_summary_interval_dirname(pan_rollup_reports.c:87): intervals filename: /opt/pancfg/mgmt/logdb/trsum/1/20160903/
2016-09-03 02:36:58.444 -0400 debug: pan_summary_interval_dirname(pan_rollup_reports.c:87): intervals filename: /opt/pancfg/mgmt/logdb/thsum/1/20160903/
2016-09-03 02:36:58.444 -0400 debug: pan_summary_interval_dirname(pan_rollup_reports.c:87): intervals filename: /opt/pancfg/mgmt/logdb/urlsum/1/20160903/
2016-09-03 02:36:58.444 -0400 delete 0 url objects from 0 cache entries, where 0 url objects are not dynamic allocated.
2016-09-03 02:36:58.489 -0400 debug: pan_url_category_reset_defaults(pan_url_category.c:318): Revert to original BrightCloud categories
2016-09-03 02:36:58.489 -0400 debug: pan_url_category_reset_defaults(pan_url_category.c:323): Revert to original PAN categories
2016-09-03 02:36:58.492 -0400 sysd worker 1: shutting down
2016-09-03 02:36:58.492 -0400 sysd worker 0: shutting down
2016-09-03 02:36:58.496 -0400 sysd main thread: shutting down
2016-09-03 02:36:58.496 -0400 debug: pan_nf_clear_alt(pan_logrcvr_netflow.c:929): Clearing previous netflow config
2016-09-03 02:36:58.496 -0400 debug: pan_nf_clear_alt(pan_logrcvr_netflow.c:929): Clearing previous netflow config
2016-09-03 02:36:58.497 -0400 ====================== LOGRCVR: end ========================
2016-09-03 02:36:58.497 -0400 debug: pan_sys_fini(pan_sys.c:294): pan_log_receiver
2016-09-03 02:36:58.497 -0400 debug: destruct_ex_url_token_hash(pan_logdb_indexer_v2.c:5601): destruct_ex_url_token_hash
2016-09-03 02:36:59.333 -0400 ===================== LOGRCVR: start =======================
2016-09-03 02:36:59.349 -0400 sysd worker[1]: f57afb70: starting up...
2016-09-03 02:36:59.349 -0400 sysd worker[0]: f5bafb70: starting up...
2016-09-03 02:37:01.348 -0400 Sysd Event: SUCCESS
2016-09-03 02:37:01.353 -0400 DNS_API - dns_vsys_disabled: FALSE
2016-09-03 02:37:01.353 -0400 DNS_API - init dns_vsys_disabled: FALSE
2016-09-03 02:37:01.353 -0400 created thread pool(0x88a8000, 2)
2016-09-03 02:37:01.353 -0400 Error: create_worker_threads(threadpool.c:27): thread pool configures with zero threads!
2016-09-03 02:37:01.353 -0400 created thread pool(0x88a8074, 0)
2016-09-03 02:37:01.353 -0400 Error: create_worker_threads(threadpool.c:27): thread pool configures with zero threads!
2016-09-03 02:37:01.353 -0400 created thread pool(0x88a80e8, 0)
2016-09-03 02:37:01.353 -0400 Error: pan_cfg_get_sysd_bool(pan_cfg_utils.c:5965): failed to fetch: NO_MATCHES
2016-09-03 02:37:01.354 -0400 SYSLOGCLNT(0xf7aa6f20, 0xf7aa6fa4, 28855, init) new connection work(0x8880b80, 0, 8) rcvd
2016-09-03 02:37:01.354 -0400 FDAIO (0xf7aa6fa4, 8) wr(0xf7aa6fd0, 0xf7100b50, 8) rd(0xf7aa7024, 0xf71000a0, 8)
2016-09-03 02:37:01.354 -0400 SYSLOGCLNT(0xf7aa7108, 0xf7aa718c, 28856, init) new connection work(0x8880c00, 0, 9) rcvd
2016-09-03 02:37:01.354 -0400 FDAIO (0xf7aa718c, 9) wr(0xf7aa71b8, 0xf7100b50, 9) rd(0xf7aa720c, 0xf71000a0, 9)
2016-09-03 02:37:01.354 -0400 SYSLOGCLNT(0xf7aa72f0, 0xf7aa7374, 28857, init) new connection work(0x8880c80, 0, 10) rcvd
2016-09-03 02:37:01.354 -0400 FDAIO (0xf7aa7374, 10) wr(0xf7aa73a0, 0xf7100b50, 10) rd(0xf7aa73f4, 0xf71000a0, 10)
2016-09-03 02:37:01.354 -0400 SYSLOGCLNT(0xf7aa74d8, 0xf7aa755c, 28858, init) new connection work(0x8880d00, 0, 11) rcvd
2016-09-03 02:37:01.354 -0400 FDAIO (0xf7aa755c, 11) wr(0xf7aa7588, 0xf7100b50, 11) rd(0xf7aa75dc, 0xf71000a0, 11)
2016-09-03 02:37:01.354 -0400 SYSLOGCLNT(0xf7aa76c0, 0xf7aa7744, 28859, init) new connection work(0x8880d80, 0, 12) rcvd
2016-09-03 02:37:01.354 -0400 FDAIO (0xf7aa7744, 12) wr(0xf7aa7770, 0xf7100b50, 12) rd(0xf7aa77c4, 0xf71000a0, 12)
2016-09-03 02:37:01.354 -0400 SYSLOGCLNT(0xf7aa7aa0, 0xf7aa7b24, 28861, init) new connection work(0x8880e00, 0, 13) rcvd
2016-09-03 02:37:01.354 -0400 FDAIO (0xf7aa7b24, 13) wr(0xf7aa7b50, 0xf7100b50, 13) rd(0xf7aa7ba4, 0xf71000a0, 13)
'cfg.container-page.debug': NO_MATCHES
2016-09-03 02:37:01.361 -0400 65536 container page cache entries
2016-09-03 02:37:01.361 -0400 Warning: pan_alloc_construct(pan_alloc.c:1703): unaligned chunk sz 292 for PAN_ALLOC_ALLOCATOR_FIXEDCHUNK
2016-09-03 02:37:01.366 -0400 Connected to mgmtsrvr successfully!
2016-09-03 02:37:01.367 -0400 Error: pan_cfg_get_sysd_string(pan_cfg_utils.c:6035): failed to fetch: NO_MATCHES
2016-09-03 02:37:01.367 -0400 Error: pan_is_corr_enabled(pan_corr_notifier.c:394): failed to fetch cfg.corr.enabled. error:NO_MATCHES
2016-09-03 02:37:01.386 -0400 latest logid for traffic: 0, recvtime: 0
2016-09-03 02:37:01.386 -0400 Next sequence number available for '0' logs 2
2016-09-03 02:37:01.389 -0400 Error: pan_logquery_parse_container_of_app_neq(pan_log_query.c:4335): cannot find app container incomplete
2016-09-03 02:37:01.404 -0400 latest logid for threat: 0, recvtime: 0
2016-09-03 02:37:01.404 -0400 Next sequence number available for '3' logs 2
'cfg.dbfilesz.extpcap': NO_MATCHES
2016-09-03 02:37:01.426 -0400 latest logid for extpcap: 0, recvtime: 0
2016-09-03 02:37:01.426 -0400 Next sequence number available for '13' logs 1
'cfg.platform.serial': NO_MATCHES
'cfg.corr.enabled': NO_MATCHES
2016-09-03 02:37:02.329 -0400 No netflow server profiles were used
'cfg.container-page.debug': NO_MATCHES
2016-09-03 02:37:02.340 -0400 container page cache timeout 5
2016-09-03 02:37:02.340 -0400 pan_nf_update_config_cache()
2016-09-03 02:37:02.340 -0400 config phase 2: update url_cache_timeout from 0 to 5
2016-09-03 02:37:02.340 -0400 Config agent for logrcvr is enabled
2016-09-03 02:37:02.340 -0400 shm alloc(read-only) 'pan_shm_base' size 5532232
2016-09-03 02:37:02.340 -0400 Shared memory base loaded successfully
2016-09-03 02:37:02.340 -0400 shm alloc(read-only) 'pan_shm_user' size 115200008
2016-09-03 02:37:02.340 -0400 Shared memory user loaded successfully
2016-09-03 02:37:02.342 -0400 shm alloc(read-only) 'pan_shm_base' size 5532232
2016-09-03 02:37:02.342 -0400 Shared memory base loaded successfully
2016-09-03 02:37:02.342 -0400 shm alloc(read-only) 'pan_shm_user' size 115200008
2016-09-03 02:37:02.342 -0400 Shared memory user loaded successfully
2016-09-03 02:37:02.362 -0400 netflow thread is now active
2016-09-03 02:37:02.374 -0400 latest logid for hipmatch: 0, recvtime: 0
2016-09-03 02:37:02.374 -0400 Next sequence number available for '9' logs 1
2016-09-03 02:37:02.388 -0400 latest logid for userid: 0, recvtime: 0
2016-09-03 02:37:02.388 -0400 Next sequence number available for '10' logs 1
'cfg.dbfilesz.iptag': NO_MATCHES
2016-09-03 02:37:02.406 -0400 latest logid for iptag: 0, recvtime: 0
2016-09-03 02:37:02.406 -0400 Next sequence number available for '11' logs 1
2016-09-03 02:37:02.406 -0400 Ready to process logs
2016-09-03 02:37:02.936 -0400 Error: pan_query_meta_construct(pan_query_meta.c:133): failed to read /opt/pancfg/mgmt/saved-configs/last-pushed-sp-config.xml
2016-09-03 02:37:03.399 -0400 Loading PaloAltoNetworks URL categories...
2016-09-03 02:37:03.399 -0400 Found URL categories
2016-09-03 02:37:03.399 -0400 Number of categories: 89 Order exists in content: no
2016-09-03 02:37:03.490 -0400 Warning: pan_sigdb_get_idsev_map(pan_sigdb.c:887): /opt/pancfg/mgmt/global/virus.xml.sev doesn't exist
2016-09-03 02:37:03.490 -0400 Warning: _pan_sigdb_get_hash(pan_sigdb.c:1290): failed to get av idsev map
2016-09-03 02:37:03.490 -0400 Warning: pan_sigdb_get_avdb(pan_sigdb.c:1009): /opt/pancfg/mgmt/global/virus.xml.db doesn't exist
2016-09-03 02:37:03.490 -0400 Warning: _pan_sigdb_get_hash(pan_sigdb.c:1294): failed to get avinfo db
2016-09-03 02:37:03.490 -0400 Warning: pan_sigdb_get_idsev_map(pan_sigdb.c:887): /opt/pancfg/mgmt/global/wildfire.xml.sev doesn't exist
2016-09-03 02:37:03.490 -0400 Warning: _pan_sigdb_get_hash(pan_sigdb.c:1300): failed to get wildfire idsev map
2016-09-03 02:37:03.490 -0400 Warning: pan_sigdb_get_wildfiredb(pan_sigdb.c:1029): /opt/pancfg/mgmt/global/wildfire.xml.db doesn't exist
2016-09-03 02:37:03.490 -0400 Warning: _pan_sigdb_get_hash(pan_sigdb.c:1304): failed to get wildfireinfo db
2016-09-03 02:37:03.490 -0400 Warning: pan_sigdb_get_idsev_map(pan_sigdb.c:887): /opt/pancfg/mgmt/global/wpc.xml.sev doesn't exist
2016-09-03 02:37:03.491 -0400 Warning: _pan_sigdb_get_hash(pan_sigdb.c:1310): failed to get wpc idsev map
2016-09-03 02:37:03.491 -0400 Warning: pan_sigdb_get_wpcdb(pan_sigdb.c:1049): /opt/pancfg/mgmt/global/wpc.xml.db doesn't exist
2016-09-03 02:37:03.491 -0400 Warning: _pan_sigdb_get_hash(pan_sigdb.c:1314): failed to get wpcinfo db
2016-09-03 02:37:03.785 -0400 Error: _init_cache_handles(pan_sigdb.c:1099): Error getting dbfilename for db_type:1
2016-09-03 02:37:03.785 -0400 Error: pan_sigdb_enable_cache_handles(pan_sigdb.c:2719): Error initializing cache handles for db_type:AV
09-02-2016 11:59 PM
Common symptom for an unlicensed vm series. Did you license/register it?
09-03-2016 12:02 AM
No, I didn't. The odd thing is that I can forward the logs to a syslog server but can't view the Traffic, Threat, and URL logs in the WebGUI. I can view the System and Config logs in the WebGUI just fine...
09-03-2016 12:13 AM
The logging will automatically start to work when you register/activate it.
09-03-2016 12:16 AM - edited 09-03-2016 12:16 AM
Just to add, the only VM that is able to log traffic logs without the licences is the 5.0.6-based image.