PA-220 Reboot

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PA-220 Reboot

L2 Linker

Hi Team,

Firewall got rebooted instead of generating a tech support file can we do any other troubleshooting to check why the firewall was rebooted. If i generate the tech support file i have to go to Palo to check what it is and wait till i get the response. Instead, if I can check few commands, it will be better.

 

In Cisco ASAs we can analyze ourselves why it is rebooted in show tech, In checkpoint we can check in /var/log/messages in the same way what needs to be checked in Palos.

 

Regards,

Sanjay S

2 ACCEPTED SOLUTIONS

Accepted Solutions

L2 Linker

Hi Sanjay,

 

Mp-monitor logs are found mp-logs directory (/var/log/pan) for all firewalls device models.

Dp-monitor logs are found under directory (/var/log/pan) for smaller platforms such as VM-devices, PA-2xx, PA-5xx, PA-8xx and under /opt/dp* directory for bigger platforms like PA-32xx, PA-5xxx, PA52xx and PA-7k .

 

Regards,

View solution in original post

L2 Linker

Hi Sanjay,

 

Please note that the above information can be helpful if looking through the tech-support file. For looking through CLI, you can run the below commands:

 

MP-monitor logs:
tail follow yes mp-log mp-monitor.log

less mp-log mp-monitor.log

 

DP-monitor logs:

tail follow yes dp[0,1,2]*-log dp-monitor.log

less dp[0,1,2]*-log dp-monitor.log

*Select the appropriate dp while running the command

 

Regards,

 

View solution in original post

5 REPLIES 5

Cyber Elite
Cyber Elite

Hi @Sanjay_Ramaiah ,

 

There should be something in the system logs.  The 1st thing I would do is go to Monitor > Logs > System and use the filter ( severity eq critical ).

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

L2 Linker

Hi @Sanjay_Ramaiah 

 

For any un-expected reboots, I would normally check the system logs (Monitor > Logs > System) and look for any 'Critical' alerts or any OOM (Out of Memory) or similar messages which might correlate with the time of the incident.

You would also like to run the "show system files" from the CLI to check if there are any cores files generated after a process crash.

 

If you would like to look at any logs from the tech-support file, /var/log/messages, mp-monitor & dp-monitor logs can be some to start with.

 

BTW, what is the  pa-os ? Below KBs can be of help.
Palo Alto Networks VM-Series Firewall suddenly restarts unexpectedly due to disk I/O Performance
Sudden Reboot of PA 800 Series Firewall

 

You can also refer the KB to know the preferred release of PAN-OS.

 

Regards,

L2 Linker

Thank you Arnesh for your reply,

Where will i find the mp-monitor & dp-monitor logs? 

Regards,

Sanjay S

L2 Linker

Hi Sanjay,

 

Mp-monitor logs are found mp-logs directory (/var/log/pan) for all firewalls device models.

Dp-monitor logs are found under directory (/var/log/pan) for smaller platforms such as VM-devices, PA-2xx, PA-5xx, PA-8xx and under /opt/dp* directory for bigger platforms like PA-32xx, PA-5xxx, PA52xx and PA-7k .

 

Regards,

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!