PA-220 - Missing Log for Traffic, Threat, URL, Data Filtering, Wildfire

L2 Linker

Hi Brother,

On our PA-220, the GUI stopped showing log records after 21-AUG-2020 08:00.

This affects the Traffic Log, Threat Log, URL Filtering Log, Data Filtering Log and WildFire Submission Log.

Do you have any experience with this issue?

Thanks & Regards,

JC


L6 Presenter

@JamesChim,

I can suggest checking the few points below:

1. Check whether logging is enabled on the security policies your traffic will hit. If someone has unchecked it, logs will not come after that.

2. If it is enabled, run the commands below in the CLI on the gateway.

show log traffic direction equal backward

show log threat direction equal backward

show log url direction equal backward

This will confirm whether logs are getting written on the firewall. If you are able to see the logs in the CLI, then you may need to restart the management-server process on the gateway, as the issue may be related to the log display on the web interface.

Also check the license on the gateway.

Mayur
L2 Linker

admin@PA-220> tail follow yes mp-log logrcvr.log
2020-09-10 14:46:29.980 +0800 debug: pan_sigdb_update_categoryhash(pan_sigdb.c:1232): after reading xml:1599720389
2020-09-10 14:46:29.985 +0800 debug: pan_sigdb_update_categoryhash_from_xml(pan_sigdb.c:1209): after converting to hash:1599720389
2020-09-10 14:46:30.906 +0800 debug: pan_logdb_writer_handle_overflow(pan_logdb_writer.c:3870): getting log num..
2020-09-10 14:46:30.907 +0800 Error: pan_logdb_get_nrecs(pan_logdb_utils.c:605): Invalid loghdr version(0x3) in /opt/pancfg/mgmt/logdb/traffic/1/20200910/pan.log
2020-09-10 14:46:30.907 +0800 Error: _get_log_num(pan_logdb_writer.c:3259): Failed to get nrecs for pan.0000000000.log
2020-09-10 14:46:30.907 +0800 Error: pan_logdb_writer_handle_overflow(pan_logdb_writer.c:3872): Error getting the last log num in dir:/opt/pancfg/mgmt/logdb/traffic/1/20200910
2020-09-10 14:46:30.907 +0800 Error: _write_task_disk_flush_process(pan_logdb_writer.c:2206): Error handling overflow.. will try for the next buffer again
2020-09-10 14:46:30.907 +0800 Error: _taskq_worker(pan_taskq.c:622): Error executing tasks process fn
2020-09-10 14:46:31.177 +0800 Error: _init_cache_handles(pan_sigdb.c:1614): Error getting dbfilename for db_type:3
2020-09-10 14:46:31.177 +0800 Error: pan_sigdb_enable_cache_handles(pan_sigdb.c:4081): Error initializing cache handles for db_type:WPC
2020-09-10 14:46:33.755 +0800 debug: pan_url_category_reset_defaults(pan_url_category.c:351): Revert to original BrightCloud categories
2020-09-10 14:46:33.755 +0800 debug: pan_url_category_reset_defaults(pan_url_category.c:356): Revert to original PAN categories
2020-09-10 14:46:33.845 +0800 debug: pan_log_convert_from_firewall_log(pan_log_receiver.c:2785): pan_log_convert_from_firewall_log, receive rule name WiFi to Internet, rule_uuid 742aea59-dca1-4728-9bac-9f0869a0c12a,
convert to rule_uuid_id 0x74 0x2a 0xea 0x59 0xdc 0xa1 0x47 0x28 0x9b 0xac 0x9f 0x8 0x69 0xa0 0xc1 0x2a
2020-09-10 14:46:33.845 +0800 debug: pan_log_convert_from_firewall_log(pan_log_receiver.c:2785): pan_log_convert_from_firewall_log, receive rule name WiFi to Internet, rule_uuid 742aea59-dca1-4728-9bac-9f0869a0c12a,
convert to rule_uuid_id 0x74 0x2a 0xea 0x59 0xdc 0xa1 0x47 0x28 0x9b 0xac 0x9f 0x8 0x69 0xa0 0xc1 0x2a
2020-09-10 14:46:33.846 +0800 debug: pan_log_convert_from_firewall_log(pan_log_receiver.c:2785): pan_log_convert_from_firewall_log, receive rule name WiFi to Internet, rule_uuid 742aea59-dca1-4728-9bac-9f0869a0c12a,
convert to rule_uuid_id 0x74 0x2a 0xea 0x59 0xdc 0xa1 0x47 0x28 0x9b 0xac 0x9f 0x8 0x69 0xa0 0xc1 0x2a
2020-09-10 14:46:33.846 +0800 debug: pan_log_convert_from_firewall_log(pan_log_receiver.c:2785): pan_log_convert_from_firewall_log, receive rule name WiFi to Internet, rule_uuid 742aea59-dca1-4728-9bac-9f0869a0c12a,
convert to rule_uuid_id 0x74 0x2a 0xea 0x59 0xdc 0xa1 0x47 0x28 0x9b 0xac 0x9f 0x8 0x69 0xa0 0xc1 0x2a
2020-09-10 14:46:33.846 +0800 debug: pan_log_convert_from_firewall_log(pan_log_receiver.c:2785): pan_log_convert_from_firewall_log, receive rule name WiFi to Internet, rule_uuid 742aea59-dca1-4728-9bac-9f0869a0c12a,
convert to rule_uuid_id 0x74 0x2a 0xea 0x59 0xdc 0xa1 0x47 0x28 0x9b 0xac 0x9f 0x8 0x69 0xa0 0xc1 0x2a
2020-09-10 14:46:33.847 +0800 handling logdb overflow..
2020-09-10 14:46:33.847 +0800 Checking to purge traffic logtype
2020-09-10 14:46:34.719 +0800 debug: pan_log_convert_from_firewall_log(pan_log_receiver.c:2785): pan_log_convert_from_firewall_log, receive rule name BLOCK-LIST_ByIn, rule_uuid 6ceeb8db-96dc-472c-8e14-915d8392d02b,
convert to rule_uuid_id 0x6c 0xee 0xb8 0xdb 0x96 0xdc 0x47 0x2c 0x8e 0x14 0x91 0x5d 0x83 0x92 0xd0 0x2b
2020-09-10 14:46:35.837 +0800 debug: pan_logdb_writer_handle_overflow(pan_logdb_writer.c:3870): getting log num..
2020-09-10 14:46:35.837 +0800 Error: pan_logdb_get_nrecs(pan_logdb_utils.c:605): Invalid loghdr version(0x3) in /opt/pancfg/mgmt/logdb/traffic/1/20200910/pan.log
2020-09-10 14:46:35.837 +0800 Error: _get_log_num(pan_logdb_writer.c:3259): Failed to get nrecs for pan.0000000000.log
2020-09-10 14:46:35.837 +0800 Error: pan_logdb_writer_handle_overflow(pan_logdb_writer.c:3872): Error getting the last log num in dir:/opt/pancfg/mgmt/logdb/traffic/1/20200910
2020-09-10 14:46:35.837 +0800 Error: _write_task_disk_flush_process(pan_logdb_writer.c:2206): Error handling overflow.. will try for the next buffer again
2020-09-10 14:46:35.837 +0800 Error: _taskq_worker(pan_taskq.c:622): Error executing tasks process fn
2020-09-10 14:46:38.552 +0800 handling logdb overflow..
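Added example, not from the thread or from Palo Alto Networks: a small Python parser for the `tail follow yes mp-log logrcvr.log` output above. It separates the logdb writer errors (the "Invalid loghdr version" and failed-overflow lines) from ordinary debug noise, so a defender can tell a log-write failure on the firewall from a GUI display problem. The line format, the function names and the sample lines are taken from the excerpt posted above; the sample itself is constructed.

```python
import re
from collections import Counter

# Structured mp-log lines in the thread look like:
# "<date> <time> <tz> <Level>: <func>(<file>:<line>): <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+ [+-]\d{4}) "
    r"(?P<level>\w+): (?P<func>\w+)\((?P<file>[\w.]+):(?P<lineno>\d+)\): (?P<msg>.*)$"
)
# Error seen in the thread: the writer cannot read the header of an existing
# logdb file, after which it reports "Error handling overflow" and retries.
LOGHDR_RE = re.compile(r"Invalid loghdr version\((?P<ver>0x[0-9a-f]+)\) in (?P<path>/\S+)")

def parse_line(line):
    """Return a dict for a structured mp-log line, or None for free-form lines."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def diagnose(lines):
    """Summarise logdb writer failures: error counts per function, affected logdb files."""
    errors = Counter()
    bad_files = {}          # logdb file path -> reported header version
    flush_failures = 0      # disk flush attempts that ended in an error
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["level"] != "Error":
            continue
        errors[rec["func"]] += 1
        m = LOGHDR_RE.search(rec["msg"])
        if m:
            bad_files[m.group("path")] = m.group("ver")
        if rec["func"] == "_write_task_disk_flush_process":
            flush_failures += 1
    # Heuristic: a bad logdb header plus failed flushes means records are not
    # reaching disk, which a management-server restart alone will not fix.
    return {"errors": dict(errors), "bad_files": bad_files,
            "flush_failures": flush_failures,
            "disk_write_broken": flush_failures > 0 and bool(bad_files)}

# Constructed sample, modelled on the logrcvr.log excerpt in the thread.
SAMPLE = """\
2020-09-10 14:46:30.906 +0800 debug: pan_logdb_writer_handle_overflow(pan_logdb_writer.c:3870): getting log num..
2020-09-10 14:46:30.907 +0800 Error: pan_logdb_get_nrecs(pan_logdb_utils.c:605): Invalid loghdr version(0x3) in /opt/pancfg/mgmt/logdb/traffic/1/20200910/pan.log
2020-09-10 14:46:30.907 +0800 Error: _get_log_num(pan_logdb_writer.c:3259): Failed to get nrecs for pan.0000000000.log
2020-09-10 14:46:30.907 +0800 Error: _write_task_disk_flush_process(pan_logdb_writer.c:2206): Error handling overflow.. will try for the next buffer again
2020-09-10 14:46:33.847 +0800 handling logdb overflow..
""".splitlines()

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

On a live box you would feed it the saved output of the `tail` command rather than the constructed sample.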

L3 Networker

In addition to what @SutareMayur said:

At the end, try rebooting the firewall.

L2 Linker

show log traffic direction equal backward

admin@PA-220> show log traffic direction equal backward
Time App From Src Port Source
Rule Action To Dst Port Destination
Src User Dst User End Reason
Rule_UUid
====================================================================================================
2020/08/21 07:59:59 wechat-base SecurityZone_WiFi 54012 172.16.7.111
WiFi to Internet allow SecurityZone_Internet 80 203.205.255.143
tcp-fin
2020/08/21 07:59:49 dns SecurityZone_WiFi 49852 172.16.7.111
WiFi to Internet allow SecurityZone_Internet 53 210.0.128.251
aged-out
2020/08/21 07:59:49 dns SecurityZone_WiFi 43631 172.16.7.111
WiFi to Internet allow SecurityZone_Internet 53 210.0.128.251
aged-out
2020/08/21 07:59:42 incomplete SecurityZone_WiFi 33492 172.16.7.111
WiFi to Internet allow SecurityZone_Internet 80 47.246.16.233
tcp-rst-from-server

show log threat direction equal backward

admin@PA-220> show log threat direction equal backward
Time App From Src Port Source
Rule Action To Dst Port Destination
Severity Src User Dst User Threat Pcap_id
Rule_UUid
==========================================================================================
2020/08/21 07:47:00 ssl SecurityZone_WiFi 39332 172.16.7.111
WiFi to Internet alert SecurityZone_Internet 443 203.119.216.50
info Non-RFC Compliant SSL Traffic on Port 443(56112) 0
2020/08/21 07:45:18 ssl SecurityZone_WiFi 39264 172.16.7.111
WiFi to Internet alert SecurityZone_Internet 443 203.119.216.50
info Non-RFC Compliant SSL Traffic on Port 443(56112) 0
2020/08/21 07:31:35 ssl SecurityZone_WiFi 54948 172.16.7.111
WiFi to Internet alert SecurityZone_Internet 443 203.119.217.112
info Non-RFC Compliant SSL Traffic on Port 443(56112) 0

show log url direction equal backward

admin@PA-220> show log url direction equal backward
Time App From Src Port Source
Rule Action To Dst Port Destination
Severity Src User Dst User Threat Pcap_id
Rule_UUid
==========================================================================================
2020/08/21 07:59:49 paloalto-wildfi SecurityZone_WiFi 60405 172.16.0.254
PA-220 to PAN-UPDAT alert SecurityZone_Internet 443 35.247.145.234
info (9999) 0
2020/08/21 07:57:49 paloalto-wildfi SecurityZone_WiFi 59305 172.16.0.254
PA-220 to PAN-UPDAT alert SecurityZone_Internet 443 35.247.145.234
info (9999) 0
2020/08/21 07:57:05 taobao SecurityZone_WiFi 46660 172.16.7.111
WiFi to Internet alert SecurityZone_Internet 443 140.205.252.4
info (9999) 0
2020/08/21 07:56:51 paloalto-update SecurityZone_WiFi 56117 172.16.0.254
PA-220 to PAN-UPDAT alert SecurityZone_Internet 443 199.167.52.141
info (9999) 0

debug software restart process management-server

debug software restart process management-server

L2 Linker

@Abdul-Fattah

I tried to restart the device via the GUI Reboot and via a physical power off and power on.

The problem is still there >...<

L3 Networker

@JamesChim, try restarting the log-receiver process:

debug software restart process log-receiver

L2 Linker

@Abdul-Fattah

The problem is still there after the commands below >...<

show log traffic direction equal backward
show log url direction equal backward
show log threat direction equal backward
debug log-receiver statistics
debug log-receiver on debug
tail follow yes mp-log logrcvr.log
debug software restart process log-receiver
debug software restart process management-server

L3 Networker

Then try clearing the logs if you do not need them.
Are you sure the firewall is passing traffic?
