Threat Activity (ACC) and Monitor-LOGS-threats are empty

cancel
Showing results for 
Search instead for 
Did you mean: 

Threat Activity (ACC) and Monitor-LOGS-threats are empty

L1 Bithead

As the title suggest i have on my fw (pan os 10.0.4) Threat Activity (ACC) and Monitor-LOGS-threats totally empty.
Since few weeks ago no problem and all the other logs work fine.

And no changes have been made.
Any ideas?

already restart mgmt service withuot success.

 

1 REPLY 1

Cyber Elite
Cyber Elite

@Ots-network,

Have you tried actually restarting the firewall and not just the mgmt server? Are you actually sure that no changes have been made and someone maybe didn't accidentally remove the security group/profile from your policies? 

The first thing I would do is verify through my traffic logs that traffic is hitting rules that actually have a security group/profiles assigned to it so that threat logs would actually be generated. Then I would just generate something stupid that I know should be getting logged as a threat, such as a directory traversal attempt or a simple unauthorized brute force attach on a login page. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!