It's a while since our system of 3 HA Palo Alto Firewalls stopped showing logs in Panorama.
The logs are generated and forwarded to Panorama as in next two pictures:
On one of webpages it was suggested we need additional license for wieving logs in Panorama?
Time is synchronized on Panorama and firewalls
Reseting log receiver on Panorama doesn't help (debug software restart process management-server)
We have no clue what to do next so any help would be appreciated.
Thanks for the answer,
As for Panorama version we have (also on all FW's we have the same softw. version):
Unfortunally reseting the device did not solve the problem... There is still no traffic or threat info for the last 3 months... Firewalls generate logs o.k. and are viewable directly under FW, but Panorama somehow doesn't show them...
Perhaps is there a way to clear past traffic and threat logs on Panorama? Or somehowe restart collecting logs on Panorama and start over? Any idea how to do this?
Anyone else any suggestions?
Also make sure the FW's and the Panorama are on the same versions. The Panorama can be a higher version but same base code.
Panorama version 8.0.9 can manage FW version 8.0.1-9 but not 8.1.0.
Hope that makes sense.
Panorama version 8.0.9 can manage 8.0.x or 7.x.x.
"The Panorama can be a higher version but same base code." --> This is not a mandate.
The matter couldn't be solved by us, neither by level-2 support.
Finally level-3 support stepped in and only when they loged in "core-linux" on firewall they were able to determin the problem - the problem was to many inodes (https://en.wikipedia.org/wiki/Inode)
After level-3 cleanup all the logs and we set log-retention period to 5-months the situation was solved.
Hope this info helps you.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!