Panorama 8 not receiving PA log

Reply
Highlighted
L1 Bithead

Panorama 8 not receiving PA log

Hi,

 

We are deploying a new Panorama 8 VM (in Panorama mode) and configured it to receive log from a PA-5020 running PA 7.0.11.

The Panorama GUI not show any log. I've debugged it in CLI:

 

> tail follow yes mp-log logd.log

2017-07-18 16:05:36.213 -0300 Error: pan_collect_log_stats(pan_log_handler.c:5704): Invalid record type 20
2017-07-18 16:05:36.214 -0300 Error: pan_collect_log_stats(pan_log_handler.c:5704): Invalid record type 20
2017-07-18 16:05:36.214 -0300 Error: pan_collect_log_stats(pan_log_handler.c:5704): Invalid record type 20
2017-07-18 16:05:36.214 -0300 Error: pan_collect_log_stats(pan_log_handler.c:5704): Invalid record type 20
2017-07-18 16:05:36.215 -0300 Error: pan_collect_log_stats(pan_log_handler.c:5704): Invalid record type 20
2017-07-18 16:05:36.215 -0300 Error: pan_collect_log_stats(pan_log_handler.c:5704): Invalid record type 20
2017-07-18 16:05:36.215 -0300 Error: pan_collect_log_stats(pan_log_handler.c:5704): Invalid record type 20
2017-07-18 16:05:36.216 -0300 Error: pan_collect_log_stats(pan_log_handler.c:5704): Invalid record type 20
2017-07-18 16:05:36.216 -0300 Error: pan_collect_log_stats(pan_log_handler.c:5704): Invalid record type 20
2017-07-18 16:05:36.216 -0300 Error: pan_collect_log_stats(pan_log_handler.c:5704): Invalid record type 20
2017-07-18 16:05:36.217 -0300 Error: pan_collect_log_stats(pan_log_handler.c:5704): Invalid record type 20
2017-07-18 16:05:36.217 -0300 Error: pan_collect_log_stats(pan_log_handler.c:5704): Invalid record type 20
2017-07-18 16:05:36.217 -0300 Error: pan_collect_log_stats(pan_log_handler.c:5704): Invalid record type 20
2017-07-18 16:05:36.218 -0300 Error: pan_collect_log_stats(pan_log_handler.c:5704): Invalid record type 20
2017-07-18 16:05:36.218 -0300 Error: pan_collect_log_stats(pan_log_handler.c:5704): Invalid record type 20
2017-07-18 16:05:36.218 -0300 Error: pan_collect_log_stats(pan_log_handler.c:5704): Invalid record type 20
2017-07-18 16:05:36.219 -0300 Error: pan_collect_log_stats(pan_log_handler.c:5704): Invalid record type 20
2017-07-18 16:05:36.219 -0300 Error: pan_collect_log_stats(pan_log_handler.c:5704): Invalid record type 20
2017-07-18 16:05:36.220 -0300 Error: pan_collect_log_stats(pan_log_handler.c:5704): Invalid record type 20

...

 

Is there any additional configuration that needs to be done?

There's other debug commands that can help me?

 

Regards,

Paulo R.

Tags (1)
Highlighted
L2 Linker

PA 5020 is a connected to panorama ?

What is device state ?

Highlighted
Cyber Elite

@pauloraponi,

Do your content versions match on Panorama and the 5020? My initial guess would be that they don't and that is why you are seeing these errors. You would want your Panorama to match your content releases or be a lower release than your firewalls, if your Panorama has a higher content version then you will get random issues like this when attempting to collect those logs. 

Highlighted
Cyber Elite

@pauloraponi

  • On what panorama version are you exactly?
  • Did you do a simple reboot?
  • Did you check the disk status?
  • Did you try to remove and add the disks again to your local log collector? (Do not try this when you still have logs on that log collector, may be from migrating to panorama mode, but since you wrote that you deploy a new panorama...)
  • Did you delete and add the local log collector?
Highlighted
L1 Bithead

@pkowalewski
PA 5020 is a connected to panorama ?
What is device state ?

- Is Connected status

 

When we deploy Panorama 7.1.x the logs works. 

When we deploy Panorama 8.x in legacy mode the logs works

When we deploy Panorama 8.x in the new "Panorama mode" the logs not works

 

@BPry
Do your content versions match on Panorama and the 5020? My initial guess would be that they don't and that is why you are seeing these errors. You would want your Panorama to match your content releases or be a lower release than your firewalls, if your Panorama has a higher content version then you will get random issues like this when attempting to collect those logs.

Content version are the same in both devices.

 

@vsys_remo
On what panorama version are you exactly?
Did you do a simple reboot?
Did you check the disk status?
Did you try to remove and add the disks again to your local log collector? (Do not try this when you still have logs on that log collector, may be from migrating to panorama mode, but since you wrote that you deploy a new panorama...)
Did you delete and add the local log collector?

- Panorama 8.0.2 fresh install

- The reboot did not fix the problem

- Disk status:

# show system disk-space
Filesystem     -     Size     -     Used     -     Avail     -     Use%     -     Mounted on
/dev/sda2     -      8.0G     -    2.3G     -   5.3G     -     30%        -     /
/dev/sda5     -     24G     -     1.5G     -     22G     -     7%     -         /opt/pancfg
/dev/sda6     -     6.0G     -    1.6G     -     4.2G     -     28%     -     /opt/panrepo
tmpfs     -            7.9G     -     110M     -  7.8G     -     2%     -     /dev/shm
cgroup_root     -  7.9G     -    0     -         7.9G     -      0%     -      /cgroup
/dev/sda8     -     32G     -     11G     -     20G     -     35%     -     /opt/panlogs
/dev/sdb1     -     2.1T     -     68M     -    2.1T     -     1%     -     /opt/panlogs/ld1
/dev/loop0     -     9.9G     -    151M     -    9.2G    -    2%     -     /opt/logbuffer

 

- I'm not migrating from legacy to panorama mode. I install it from scratch on 8.0.2 with all pre-requisits for Panorama Mode.

 

 

Highlighted
Cyber Elite

@pauloraponi

What about the other add/remove questions?

On the cli there are also other commands for checking the log collector (disks)...

Highlighted
Cyber Elite

@pauloraponi

On what hypervisor type is your panorama running?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!