Panorama days behimd on receiving logs

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Panorama days behimd on receiving logs

L0 Member

My panorama, based on the spyglass on the monitor tab, shows the logs from the palo altos to be received days after the palo alto recorded them. Cannot find a reason or a fix. Have tried restarting both but problem persists.

1 REPLY 1

Community Team Member

Hi @tazzvon ,

 

Which PAN-OS versions are you running on both ?

Are they in the same location ?

Network bandwith can be the reason for this delay.

 

I'd verify the connection between the firewall and the log collector (panorama).  Are there any delays ?

Also check the values in the mp-monitor logs on the firewall/panorama.  Search for netstat as shown in the example below and make sure to check the connection between the firewall IP and the panorama IP:

 

 

ON THE FIREWALL
2022-09-14 10:41:37.128 +0200 --- netstat
tcp 0 671872 10.226.85.43:41159 10.22.171.202:3978 ESTABLISHED 19162/mgmtsrvr

ON THE PANORAMA
tcp6 0 0 10.22.171.202:3978 10.226.85.43:56651 ESTABLISHED 6473/mgmtsrvr

 

The 2 numbers next to tcp are receive-queue and send-queue.  Notice in the example above the firewall has a send queue of 671872.  If the queue number is high then the firewall was unable to send logs to the panorama on time.

 

Best,

-Kiwi.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
  • 1267 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!