no wildfire log entry


L4 Transporter

Hello all

I have been creating an antivirus profile with alert action for all decoders, for both the antivirus action and the wildfire action.

But I tried to obtain some logs in the wildfire log entries. Maybe I didn't request the right file on the web?

How could I proceed to populate the wildfire log entries?

thank you very much

15 REPLIES 15

L7 Applicator

Hi,

Just a quick question, have you downloaded the license key for wildfire subscription on the device (request license info) ?

You would be looking for: License entry: Feature: WildFire License

The wildfire log (on the Monitor tab on firewall) will populate only if the subscription is activated.

Yes, sure, the wildfire licence is OK and the palo is an NFR appliance with a valid licence.

Thanks

L4 Transporter

Do you have a file blocking profile with action 'forward' or 'forward-continue'? This will allow the device to forward files to the WF cloud if the hash was not seen by the cloud to analyze the files for malicious activity.

Please read this article for more information on configuring and testing wildfire.

Reference article: https://live.paloaltonetworks.com/docs/DOC-3252

Thanks,

Aditi

Thanks for your answers.

Yes, I have got a blocking profile with action 'forward' configured.

When I tried the registration test command:

test wildfire registration

This test may take a few minutes to finish. Do you want to continue? (y or n)

Test wildfire

        wildfire registration:         failed

And when I tried this command to check the status:

show wildfire status

Connection info:

        Wildfire cloud:                default cloud

        Status:                        Idle

        Best server:

        Device registered:             no

        Valid wildfire license:        yes

        Service route IP address:      192.168.1.XX

        Signature verification:        enable

        Server selection:              enable

        Through a proxy:               no

I checked the licence:

request license info

License entry:

Feature: WildFire License

Description: WildFire signature feed, integrated WildFire logs, WildFire API

Serial: 00160XXXXXX

Issued: May 28, 2013

Expires: March 19, 2014

Expired?: no

To summarize: the licence for wildfire is OK but the registration to the cloud failed.

Have you got an idea?

Thanks

Make sure the mgmt interface has connectivity to internet. This indicates the device is unable to register/communicate with the WF cloud. You can try configuring a service route for Wildfire traffic to use a DP port and test as well.

Thanks,

Aditi

L5 Sessionator

DNS issue?

Which DNS server is used by your palo? Internal with forwarding? External?

V.

Hi

I made the verification about DNS and I could resolve with the management interface:

ping source 192.168.1.250 host www.google.com

It works fine, but I tried something like:

ping source 192.168.1.250 host wildfire.paloaltonetworks.com

PING wildfire.paloaltonetworks.com (54.241.16.153) from 192.168.1.250 : 56(84) bytes of data.

^C

--- wildfire.paloaltonetworks.com ping statistics ---

29 packets transmitted, 0 received, 100% packet loss, time 28044ms

You're right, something is wrong in my DNS resolution. I will look for why.

Thanks

You cannot ping wildfire.paloaltonetworks.com. That is normal.

Also, 54.241.16.153 is the correct IP.

After checking "Re: Wildfire not showing any files." and investigating my DNS and wildfire:

The DNS is OK.

The wildfire license is OK.

When I tried the test registration wildfire command, the result stays at failed.

And when I tried this command:

show wildfire status

Connection info:

        Wildfire cloud:                default cloud

        Status:                        Registering

        Device registered:             no

        Valid wildfire license:        yes

But most of the time the status is Idle with this command.

And I saw traffic to ca-s1.wildfire.paloaltonetworks.com or va-s1.wildfire.paloaltonetworks.com in the traffic log with allow action.

How could I register my device for wildfire?

Can you log in to wildfire.paloaltonetworks.com?

Do you see your device there?

Yes, I can see my device in the source list in the report tab of wildfire.paloaltonetworks.com,

but if I select my serial as a source no data is returned; this palo never sent a file to wildfire.

I don't understand why I see my device in the wildfire cloud as registered, but when I check the status of my device the status is not registered?

Another piece of information: I've got almost 50 devices registered on the wildfire cloud.

Maybe there is a limit on registered devices?

Ok

Try to download that malware link I sent you in private.

It should give us a log on wildfire.

OK, it's done, I downloaded it.

The result is in the data filtering log: 2 actions, one forward and one alert,

each time I download your file.

After that I configured the block action instead of alert in the antivirus profile, and when I tried to download again the file is blocked.

But I never had a wildfire log entry.

Finally:

the protection works, the wildfire update works,

but sending files to the wildfire cloud doesn't work due to a registration issue.

I will open a case.

Thanks
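
Added example, not part of the thread and not Palo Alto Networks code: a small parser for the show wildfire status output posted above that flags the combination the thread keeps returning to, a valid license with an unregistered device and no server selected. The function names and the wording of the findings are assumptions of this example; the sample text is the output from the thread with blank lines removed.

```python
import re

# `show wildfire status` output as posted in the thread (blank lines removed).
SAMPLE_STATUS = """\
Connection info:
        Wildfire cloud:                default cloud
        Status:                        Idle
        Best server:
        Device registered:             no
        Valid wildfire license:        yes
        Service route IP address:      192.168.1.XX
        Signature verification:        enable
        Server selection:              enable
        Through a proxy:               no
"""

def parse_status(text):
    """Turn 'Key:   value' lines into a dict with lower-cased keys."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([^:]+):\s*(.*)$", line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    return fields

def diagnose(fields):
    """Return findings that explain why no WildFire log entries appear."""
    findings = []
    licensed = fields.get("valid wildfire license") == "yes"
    registered = fields.get("device registered") == "yes"
    if not licensed:
        findings.append("license: no valid WildFire license reported")
    if licensed and not registered:
        # The case from the thread: licensing is fine, so look at the path
        # between the service route address and the WildFire cloud.
        findings.append("registration: license valid but device not registered")
    if not fields.get("best server"):
        findings.append("server: no best server selected")
    if not registered and fields.get("through a proxy") == "no":
        src = fields.get("service route ip address", "unknown source")
        findings.append("path: direct connection from " + src)
    return findings

if __name__ == "__main__":
    for finding in diagnose(parse_status(SAMPLE_STATUS)):
        print(finding)
```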
