09-10-2020 12:12 AM
Hi Brother,
On our PA-220, the GUI stopped showing log records after 21-AUG-2020 08:00.
This impacts the Traffic Log, Threat Log, URL Filtering Log, Data Filtering Log, and WildFire Submission Log.
Do you have any experience with this issue?
Thanks & Regards,
JC
09-10-2020 12:35 AM
I can suggest checking the few points below:
1. Check if logging is enabled on the security policies that your traffic will hit. If someone has unchecked it, logs will not come in after that.
2. If it is enabled, run the commands below in the CLI on the gateway.
show log traffic direction equal backward
show log threat direction equal backward
show log url direction equal backward
This will confirm whether logs are getting written on the firewall. If you are able to see logs in the CLI, then you may need to restart the management-server process on the gateway, as it may be an issue related to log display in the web interface.
Also check the license on the gateway.
09-10-2020 12:36 AM
admin@PA-220> tail follow yes mp-log logrcvr.log
2020-09-10 14:46:29.980 +0800 debug: pan_sigdb_update_categoryhash(pan_sigdb.c:1232): after reading xml:1599720389
2020-09-10 14:46:29.985 +0800 debug: pan_sigdb_update_categoryhash_from_xml(pan_sigdb.c:1209): after converting to hash:1599720389
2020-09-10 14:46:30.906 +0800 debug: pan_logdb_writer_handle_overflow(pan_logdb_writer.c:3870): getting log num..
2020-09-10 14:46:30.907 +0800 Error: pan_logdb_get_nrecs(pan_logdb_utils.c:605): Invalid loghdr version(0x3) in /opt/pancfg/mgmt/logdb/traffic/1/20200910/pan.log
2020-09-10 14:46:30.907 +0800 Error: _get_log_num(pan_logdb_writer.c:3259): Failed to get nrecs for pan.0000000000.log
2020-09-10 14:46:30.907 +0800 Error: pan_logdb_writer_handle_overflow(pan_logdb_writer.c:3872): Error getting the last log num in dir:/opt/pancfg/mgmt/logdb/traffic/1/20200910
2020-09-10 14:46:30.907 +0800 Error: _write_task_disk_flush_process(pan_logdb_writer.c:2206): Error handling overflow.. will try for the next buffer again
2020-09-10 14:46:30.907 +0800 Error: _taskq_worker(pan_taskq.c:622): Error executing tasks process fn
2020-09-10 14:46:31.177 +0800 Error: _init_cache_handles(pan_sigdb.c:1614): Error getting dbfilename for db_type:3
2020-09-10 14:46:31.177 +0800 Error: pan_sigdb_enable_cache_handles(pan_sigdb.c:4081): Error initializing cache handles for db_type:WPC
2020-09-10 14:46:33.755 +0800 debug: pan_url_category_reset_defaults(pan_url_category.c:351): Revert to original BrightCloud categories
2020-09-10 14:46:33.755 +0800 debug: pan_url_category_reset_defaults(pan_url_category.c:356): Revert to original PAN categories
2020-09-10 14:46:33.845 +0800 debug: pan_log_convert_from_firewall_log(pan_log_receiver.c:2785): pan_log_convert_from_firewall_log, receive rule name WiFi to Internet, rule_uuid 742aea59-dca1-4728-9bac-9f0869a0c12a,
convert to rule_uuid_id 0x74 0x2a 0xea 0x59 0xdc 0xa1 0x47 0x28 0x9b 0xac 0x9f 0x8 0x69 0xa0 0xc1 0x2a
2020-09-10 14:46:33.845 +0800 debug: pan_log_convert_from_firewall_log(pan_log_receiver.c:2785): pan_log_convert_from_firewall_log, receive rule name WiFi to Internet, rule_uuid 742aea59-dca1-4728-9bac-9f0869a0c12a,
convert to rule_uuid_id 0x74 0x2a 0xea 0x59 0xdc 0xa1 0x47 0x28 0x9b 0xac 0x9f 0x8 0x69 0xa0 0xc1 0x2a
2020-09-10 14:46:33.846 +0800 debug: pan_log_convert_from_firewall_log(pan_log_receiver.c:2785): pan_log_convert_from_firewall_log, receive rule name WiFi to Internet, rule_uuid 742aea59-dca1-4728-9bac-9f0869a0c12a,
convert to rule_uuid_id 0x74 0x2a 0xea 0x59 0xdc 0xa1 0x47 0x28 0x9b 0xac 0x9f 0x8 0x69 0xa0 0xc1 0x2a
2020-09-10 14:46:33.846 +0800 debug: pan_log_convert_from_firewall_log(pan_log_receiver.c:2785): pan_log_convert_from_firewall_log, receive rule name WiFi to Internet, rule_uuid 742aea59-dca1-4728-9bac-9f0869a0c12a,
convert to rule_uuid_id 0x74 0x2a 0xea 0x59 0xdc 0xa1 0x47 0x28 0x9b 0xac 0x9f 0x8 0x69 0xa0 0xc1 0x2a
2020-09-10 14:46:33.846 +0800 debug: pan_log_convert_from_firewall_log(pan_log_receiver.c:2785): pan_log_convert_from_firewall_log, receive rule name WiFi to Internet, rule_uuid 742aea59-dca1-4728-9bac-9f0869a0c12a,
convert to rule_uuid_id 0x74 0x2a 0xea 0x59 0xdc 0xa1 0x47 0x28 0x9b 0xac 0x9f 0x8 0x69 0xa0 0xc1 0x2a
2020-09-10 14:46:33.847 +0800 handling logdb overflow..
2020-09-10 14:46:33.847 +0800 Checking to purge traffic logtype
2020-09-10 14:46:34.719 +0800 debug: pan_log_convert_from_firewall_log(pan_log_receiver.c:2785): pan_log_convert_from_firewall_log, receive rule name BLOCK-LIST_ByIn, rule_uuid 6ceeb8db-96dc-472c-8e14-915d8392d02b,
convert to rule_uuid_id 0x6c 0xee 0xb8 0xdb 0x96 0xdc 0x47 0x2c 0x8e 0x14 0x91 0x5d 0x83 0x92 0xd0 0x2b
2020-09-10 14:46:35.837 +0800 debug: pan_logdb_writer_handle_overflow(pan_logdb_writer.c:3870): getting log num..
2020-09-10 14:46:35.837 +0800 Error: pan_logdb_get_nrecs(pan_logdb_utils.c:605): Invalid loghdr version(0x3) in /opt/pancfg/mgmt/logdb/traffic/1/20200910/pan.log
2020-09-10 14:46:35.837 +0800 Error: _get_log_num(pan_logdb_writer.c:3259): Failed to get nrecs for pan.0000000000.log
2020-09-10 14:46:35.837 +0800 Error: pan_logdb_writer_handle_overflow(pan_logdb_writer.c:3872): Error getting the last log num in dir:/opt/pancfg/mgmt/logdb/traffic/1/20200910
2020-09-10 14:46:35.837 +0800 Error: _write_task_disk_flush_process(pan_logdb_writer.c:2206): Error handling overflow.. will try for the next buffer again
2020-09-10 14:46:35.837 +0800 Error: _taskq_worker(pan_taskq.c:622): Error executing tasks process fn
2020-09-10 14:46:38.552 +0800 handling logdb overflow..
09-10-2020 12:48 AM
Plus to what @SutareMayur said.
At the end, try rebooting the firewall.
09-10-2020 12:48 AM
show log traffic direction equal backward
admin@PA-220> show log traffic direction equal backward
Time App From Src Port Source
Rule Action To Dst Port Destination
Src User Dst User End Reason
Rule_UUid
====================================================================================================
2020/08/21 07:59:59 wechat-base SecurityZone_WiFi 54012 172.16.7.111
WiFi to Internet allow SecurityZone_Internet 80 203.205.255.143
tcp-fin
2020/08/21 07:59:49 dns SecurityZone_WiFi 49852 172.16.7.111
WiFi to Internet allow SecurityZone_Internet 53 210.0.128.251
aged-out
2020/08/21 07:59:49 dns SecurityZone_WiFi 43631 172.16.7.111
WiFi to Internet allow SecurityZone_Internet 53 210.0.128.251
aged-out
2020/08/21 07:59:42 incomplete SecurityZone_WiFi 33492 172.16.7.111
WiFi to Internet allow SecurityZone_Internet 80 47.246.16.233
tcp-rst-from-server
show log threat direction equal backward
admin@PA-220> show log threat direction equal backward
Time App From Src Port Source
Rule Action To Dst Port Destination
Severity Src User Dst User Threat Pcap_id
Rule_UUid
==========================================================================================
2020/08/21 07:47:00 ssl SecurityZone_WiFi 39332 172.16.7.111
WiFi to Internet alert SecurityZone_Internet 443 203.119.216.50
info Non-RFC Compliant SSL Traffic on Port 443(56112) 0
2020/08/21 07:45:18 ssl SecurityZone_WiFi 39264 172.16.7.111
WiFi to Internet alert SecurityZone_Internet 443 203.119.216.50
info Non-RFC Compliant SSL Traffic on Port 443(56112) 0
2020/08/21 07:31:35 ssl SecurityZone_WiFi 54948 172.16.7.111
WiFi to Internet alert SecurityZone_Internet 443 203.119.217.112
info Non-RFC Compliant SSL Traffic on Port 443(56112) 0
show log url direction equal backward
admin@PA-220> show log url direction equal backward
Time App From Src Port Source
Rule Action To Dst Port Destination
Severity Src User Dst User Threat Pcap_id
Rule_UUid
==========================================================================================
2020/08/21 07:59:49 paloalto-wildfi SecurityZone_WiFi 60405 172.16.0.254
PA-220 to PAN-UPDAT alert SecurityZone_Internet 443 35.247.145.234
info (9999) 0
2020/08/21 07:57:49 paloalto-wildfi SecurityZone_WiFi 59305 172.16.0.254
PA-220 to PAN-UPDAT alert SecurityZone_Internet 443 35.247.145.234
info (9999) 0
2020/08/21 07:57:05 taobao SecurityZone_WiFi 46660 172.16.7.111
WiFi to Internet alert SecurityZone_Internet 443 140.205.252.4
info (9999) 0
2020/08/21 07:56:51 paloalto-update SecurityZone_WiFi 56117 172.16.0.254
PA-220 to PAN-UPDAT alert SecurityZone_Internet 443 199.167.52.141
info (9999) 0
debug software restart process management-server
debug software restart process management-server
09-10-2020 12:55 AM
I tried to restart the device via the GUI Reboot and a physical power off and power on.
The problem is still there >...<
09-10-2020 01:05 AM
I tried to restart the device via the GUI Reboot and a physical power off and power on.
The problem is still there >...<
09-10-2020 01:11 AM
The problem is still there with the commands below >...<
show log traffic direction equal backward
show log url direction equal backward
show log threat direction equal backward
debug log-receiver statistics
debug log-receiver on debug
tail follow yes mp-log logrcvr.log
debug software restart process log-receiver
debug software restart process management-server
09-10-2020 01:24 AM
Then try clearing the logs if you do not need them.
Are you sure the firewall is passing traffic?
09-10-2020 01:43 AM
Thanks for your help.
Finally, I needed to clear all logs, including traffic, threat, URL, etc., and then the latest traffic logs started coming in.
But I don't know what happened....... haha
Are you sure the firewall is passing traffic?
09-10-2020 02:27 AM
You are welcome.
Make sure the option "Stop Traffic when LogDB full" is disabled. You can find it in Device > Management > Logging Settings > Log Export and Reporting, because by default the firewall overwrites old traffic when storage is full.
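An added example, not part of any post in this thread: a small Python triage script for a saved copy of the `logrcvr.log` tail shown above, reporting which log database the log receiver cannot read and how many disk flush attempts failed. The function name `summarize` is hypothetical, and the line format is assumed from the output posted here.

```python
import re
from collections import defaultdict

# Lines copied from the logrcvr.log tail posted in this thread.
SAMPLE = """\
2020-09-10 14:46:30.906 +0800 debug: pan_logdb_writer_handle_overflow(pan_logdb_writer.c:3870): getting log num..
2020-09-10 14:46:30.907 +0800 Error: pan_logdb_get_nrecs(pan_logdb_utils.c:605): Invalid loghdr version(0x3) in /opt/pancfg/mgmt/logdb/traffic/1/20200910/pan.log
2020-09-10 14:46:30.907 +0800 Error: _write_task_disk_flush_process(pan_logdb_writer.c:2206): Error handling overflow.. will try for the next buffer again
2020-09-10 14:46:33.847 +0800 handling logdb overflow..
2020-09-10 14:46:35.837 +0800 Error: pan_logdb_get_nrecs(pan_logdb_utils.c:605): Invalid loghdr version(0x3) in /opt/pancfg/mgmt/logdb/traffic/1/20200910/pan.log
2020-09-10 14:46:35.837 +0800 Error: _write_task_disk_flush_process(pan_logdb_writer.c:2206): Error handling overflow.. will try for the next buffer again
""".splitlines()

# timestamp, UTC offset, optional "level:" prefix, message
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) [+-]\d{4} (?:(\w+): )?(.*)$")
# header version, full file path, and the log type directory under logdb/
BAD_HDR = re.compile(r"Invalid loghdr version\((0x[0-9a-fA-F]+)\) in (\S*/logdb/([^/]+)/\S+)")

def summarize(lines):
    """Group logdb header errors by log type and count failed flush attempts."""
    bad = defaultdict(lambda: {"count": 0, "first": None, "last": None, "files": set()})
    failed_flushes = 0
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines such as "convert to rule_uuid_id ..."
        ts, level, msg = m.groups()
        if level != "Error":
            continue
        hdr = BAD_HDR.search(msg)
        if hdr:
            entry = bad[hdr.group(3)]
            entry["count"] += 1
            entry["first"] = entry["first"] or ts
            entry["last"] = ts
            entry["files"].add(hdr.group(2))
        elif "Error handling overflow" in msg:
            failed_flushes += 1
    return dict(bad), failed_flushes

if __name__ == "__main__":
    by_type, failed = summarize(SAMPLE)
    for logtype, e in by_type.items():
        print(f"{logtype}: {e['count']} header errors, {e['first']} .. {e['last']}")
        for path in sorted(e["files"]):
            print(f"  unreadable: {path}")
    print(f"flush attempts that failed: {failed}")
```

A header error that repeats for the same file on every flush attempt, as it does in the posted output, shows the writer retrying against the same unreadable file rather than hitting a one-off fault.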