cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Traffic and Threats not visible in Panorama Monitor despite logs are send from FW to Panorama

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
ArisDizdarevic
L1 Bithead
‎06-20-2018 12:13 AM
‎06-20-2018 12:13 AM

Traffic and Threats not visible in Panorama Monitor despite logs are send from FW to Panorama

 

It's a while since our system of 3 HA Palo Alto Firewalls stopped showing logs in Panorama. 

 

The logs are generated and forwarded to Panorama as in next two pictures:

Panorama-receiving logsPanorama-receiving logsOne of FW sending logsOne of FW sending logsTraffic and Threats not visibleTraffic and Threats not visible

On one of webpages it was suggested we need additional license for wieving logs in Panorama? 

licenseslicenses

Summary:

Time is synchronized on Panorama and firewalls

Reseting log receiver on Panorama doesn't help (debug software restart process management-server)

 

We have no clue what to do next so any help would be appreciated.

4 people had this problem.
0 Likes
Reply
JoeAndreini
L4 Transporter
‎06-20-2018 04:11 AM
‎06-20-2018 04:11 AM

What version of Panorama?

How long has panorama been up?

 

I experienced a similar issue in 7.1.10 and was told that it was probably related to a bug.  Restarting panorama fixes it for a few months at a time at my location.

0 Likes
Reply
ArisDizdarevic
L1 Bithead
‎06-20-2018 11:45 AM
‎06-20-2018 11:45 AM

Thanks for the answer,

 

As for Panorama version we have (also on all FW's we have the same softw. version):

Software Version7.1.16

 

Unfortunally reseting the device did not solve the problem... There is still no traffic or threat info for the last 3 months... Firewalls generate logs o.k. and are viewable directly under FW, but Panorama somehow doesn't show them...

 

Perhaps is there a way to clear past traffic and threat logs on Panorama? Or somehowe restart collecting logs on Panorama and start over? Any idea how to do this?

 

Anyone else any suggestions?

0 Likes
Reply
anuj_mor
L2 Linker
‎06-20-2018 12:12 PM
‎06-20-2018 12:12 PM

Have you followed this article?

 

https://live.paloaltonetworks.com/t5/Configuration-Articles/Palo-Alto-Networks-Firewall-not-Forwardi...

0 Likes
Reply
OtakarKlier
Cyber Elite
Cyber Elite
‎06-20-2018 12:25 PM
‎06-20-2018 12:25 PM

Hello,

Also make sure the FW's and the Panorama are on the same versions. The Panorama can be a higher version but same base code.

 

Panorama version 8.0.9 can manage FW version 8.0.1-9 but not 8.1.0.

 

Hope that makes sense.

 

Regards,

0 Likes
Reply
anuj_mor
L2 Linker
‎06-20-2018 12:30 PM
‎06-20-2018 12:30 PM

It can 

@OtakarKlier wrote:

Hello,

Also make sure the FW's and the Panorama are on the same versions. The Panorama can be a higher version but same base code.

 

Panorama version 8.0.9 can manage FW version 8.0.1-9 but not 8.1.0.

 

Hope that makes sense.

 

Regards,

Panorama version 8.0.9 can manage 8.0.x or 7.x.x. 

 

"The Panorama can be a higher version but same base code." --> This is not a mandate.

0 Likes
Reply
ArisDizdarevic
L1 Bithead
‎06-20-2018 12:45 PM
‎06-20-2018 12:45 PM

I tried all options and solutions on link you gave me, but still no luck - still there are no new log entries from March this year.

 

Regarding versions - all versions are the SAME (on Panorama and on all the Firewalls in network).

 

Any other ideas?...

0 Likes
Reply
OtakarKlier
Cyber Elite
Cyber Elite
‎06-20-2018 01:35 PM
‎06-20-2018 01:35 PM

Hello,

I would call support and get their involvement.

 

Good luck.

0 Likes
Reply
jesuscano
L4 Transporter
‎10-27-2020 09:42 AM
‎10-27-2020 09:42 AM

Did you solve it?

0 Likes
Reply
ArisDizdarevic
L0 Member
‎10-28-2020 12:30 AM
‎10-28-2020 12:30 AM

The matter couldn't be solved by us, neither by level-2 support.

 

Finally level-3 support stepped in and only when they loged in "core-linux" on firewall they were able to determin the problem - the problem was to many inodes (https://en.wikipedia.org/wiki/Inode)

 

After level-3 cleanup all the logs and we set log-retention period to 5-months the situation was solved.

 

Hope this info helps you.

 

Br, Aris

0 Likes
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2021 - Palo Alto Networks