06-22-2019 12:05 PM
Hi,
I'm trying to forward all logs from PAN Firewall 3020 to an external Syslog server. I have followed the guide here and have tried to debug the problem by accessing the firewall through CLI but to no avail. However, I think I might have noticed an error from debugging.
By running this line of code, I get the following results:
debug log-receiver statistics
Logging statistics
------------------------------ -----------
Log incoming rate: 1/sec
Log written rate: 1/sec
Corrupted packets: 0
Corrupted URL packets: 0
Corrupted HTTP HDR packets: 0
Logs discarded (queue full): 0
Traffic logs written: 2168177
URL logs written: 0
Wildfire logs written: 0
Anti-virus logs written: 0
Widfire Anti-virus logs written: 0
Spyware logs written: 0
Attack logs written: 0
Vulnerability logs written: 0
Fileext logs written: 0
URL cache age out count: 0
URL cache full count: 0
URL cache key exist count: 0
URL cache wrt incomplete http hdrs count: 0
URL cache rcv http hdr before url count: 0
URL cache full drop count(url log not received): 0
URL cache age out drop count(url log not received): 0
Traffic alarms dropped due to sysd write failures: 0
Traffic alarms dropped due to global rate limiting: 0
Traffic alarms dropped due to each source rate limiting: 0
Traffic alarms generated count: 0
Log Forward count: 0
Log Forward discarded (queue full) count: 0
Log Forward discarded (send error) count: 0
Summary Statistics:
Num current drop entries in trsum:0
Num cumulative drop entries in trsum:0
Num current drop entries in thsum:0
Num cumulative drop entries in thsum:0
External Forwarding stats:
Type Enqueue Count Send Count Drop Count Queue Depth Send Rate(last 1min)
syslog 58338 58338 0 0 0
snmp 0 0 0 0 0
email 0 0 0 0 0
raw 0 0 0 0 0I noticed that the send rate is 0 but the enqueue and send count is quite high, but I can't seem to find any logs that state the reason why it is not being sent to my external syslog server. Could anyone help me with this issue please? Thank you!
06-22-2019 10:41 PM
Hi,
I have found out the problem. It was that the service route was not configured properly and so the logs we not sent via the correct IP/Port. Thank you for your help!
06-22-2019 12:41 PM
give us output of show logging status
is correect log forwarding profile applied to security rules?
Do you see traffic logs in the monitar tab?
06-22-2019 10:41 PM
Hi,
I have found out the problem. It was that the service route was not configured properly and so the logs we not sent via the correct IP/Port. Thank you for your help!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
