09-14-2022 11:47 PM
My panorama, based on the spyglass on the monitor tab, shows the logs from the palo altos to be received days after the palo alto recorded them. Cannot find a reason or a fix. Have tried restarting both but problem persists.
09-15-2022 01:40 AM
Hi @tazzvon ,
Which PAN-OS versions are you running on both ?
Are they in the same location ?
Network bandwith can be the reason for this delay.
I'd verify the connection between the firewall and the log collector (panorama). Are there any delays ?
Also check the values in the mp-monitor logs on the firewall/panorama. Search for netstat as shown in the example below and make sure to check the connection between the firewall IP and the panorama IP:
ON THE FIREWALL
2022-09-14 10:41:37.128 +0200 --- netstat
tcp 0 671872 10.226.85.43:41159 10.22.171.202:3978 ESTABLISHED 19162/mgmtsrvr
ON THE PANORAMA
tcp6 0 0 10.22.171.202:3978 10.226.85.43:56651 ESTABLISHED 6473/mgmtsrvr
The 2 numbers next to tcp are receive-queue and send-queue. Notice in the example above the firewall has a send queue of 671872. If the queue number is high then the firewall was unable to send logs to the panorama on time.
Best,
-Kiwi.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
