08-18-2011 10:20 AM
Hi - we are running 2x PA4050 in version 4.0.4. We are sending all logs to Panorama. We have them in active-passive mode. I see logs for both the policy and alarms (eg an etherchannel leg is lost - I get port & HA events etc) from the active. However, I can't get any logs (though it is logging locally) from the passive to Panorama. If I pull a fibre from an etherchannel on the passive I get a local log - but nothing to Panorama, if the passive has taken over and traffic is passing through it - I get no logs to Panorama! Help please - I may be misunderstanding how the logging works from passive to the Panorama?
08-22-2011 09:48 AM
By default, we send all SYSLOG data through the Management interface. Have you enabled "Service Routes"?
The Passive device will bring down all L2 and VWire interfaces so there will not be any traffic on these interfaces. System related events should get logged normally on the passive device but not traffic. The L3 interfaces are down by default but can be configured to bring up link and pass no traffic to eliminate delay. Once the Passive takes over as primary you should see logging just like the other box. If this is not the case you need to open a case with support.
Steve Krall
08-23-2011 02:37 AM
Many thanks. The issue was easily resolved with a reboot of passive box. We now receive logging and alarms from the passive (eg link failure) and traffic logging the passive is the active box. All goes to Panorama as expected.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
