PAN Next Generation Firewall 3020 can't Forward Logs Properly to External Syslog Server

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PAN Next Generation Firewall 3020 can't Forward Logs Properly to External Syslog Server

L0 Member

Hi,

 

I'm trying to forward all logs from PAN Firewall 3020 to an external Syslog server. I have followed the guide here and have tried to debug the problem by accessing the firewall through CLI but to no avail. However, I think I might have noticed an error from debugging.

 

By running this line of code, I get the following results:

debug log-receiver statistics
Logging statistics
------------------------------ -----------
Log incoming rate:             1/sec
Log written rate:              1/sec
Corrupted packets:             0
Corrupted URL packets:         0
Corrupted HTTP HDR packets:    0
Logs discarded (queue full):   0
Traffic logs written:          2168177
URL logs written:              0
Wildfire logs written:         0
Anti-virus logs written:       0
Widfire Anti-virus logs written: 0
Spyware logs written:          0
Attack logs written:           0
Vulnerability logs written:    0
Fileext logs written:          0
URL cache age out count:       0
URL cache full count:          0
URL cache key exist count:     0
URL cache wrt incomplete http hdrs count: 0
URL cache rcv http hdr before url count: 0
URL cache full drop count(url log not received): 0
URL cache age out drop count(url log not received): 0
Traffic alarms dropped due to sysd write failures: 0
Traffic alarms dropped due to global rate limiting: 0
Traffic alarms dropped due to each source rate limiting: 0
Traffic alarms generated count:  0
Log Forward count:             0
Log Forward discarded (queue full) count: 0
Log Forward discarded (send error) count: 0

Summary Statistics:
Num current drop entries in trsum:0
Num cumulative drop entries in trsum:0
Num current drop entries in thsum:0
Num cumulative drop entries in thsum:0

External Forwarding stats:
      Type  Enqueue Count     Send Count     Drop Count    Queue Depth     Send Rate(last 1min)
    syslog          58338          58338              0              0                        0
      snmp              0              0              0              0                        0
     email              0              0              0              0                        0
       raw              0              0              0              0                        0

I noticed that the send rate is 0 but the enqueue and send count is quite high, but I can't seem to find any logs that state the reason why it is not being sent to my external syslog server. Could anyone help me with this issue please? Thank you!

1 accepted solution

Accepted Solutions

L0 Member

Hi,

 

I have found out the problem. It was that the service route was not configured properly and so the logs we not sent via the correct IP/Port. Thank you for your help!

View solution in original post

2 REPLIES 2

Cyber Elite
Cyber Elite

give us output of show logging status

is correect log forwarding profile applied to security rules?

 

Do you see traffic logs in the monitar tab?

MP

Help the community: Like helpful comments and mark solutions.

L0 Member

Hi,

 

I have found out the problem. It was that the service route was not configured properly and so the logs we not sent via the correct IP/Port. Thank you for your help!

  • 1 accepted solution
  • 7441 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!