Traffic logging issue from firewall to Panorama

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Traffic logging issue from firewall to Panorama

L2 Linker

Log-collector status show as active and connected. Checked the logging status and based on the time stamp, observed that log creating and log forwarding are stopped. So panorama is not showing a logs for pair of PA-850 firewalls.

 

We have tried restarting the management server on managed firewalls but it didn't helped.

 

Any suggestion and helps are highly appreciated.

3 REPLIES 3

Cyber Elite
Cyber Elite

Hello @Kathiravan_R

 

under assumption that you can see all the logs locally on the Firewall, I would perform below commands on Firewall to confirm log forwarding status:

 

debug management-server log-collector-agent-status

request log-collector-forwarding status

 

If the Firewall is not connected to log collector, I would be looking further into connectivity issue. Running packet capture might uncover the issue. Assuming you are using management interface for communication with Panorama, I would follow this KB with log collector's IP address as destination filter: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CleECAS

If there is nothing obvious in pcap file, then as a next step I would be looking into Firewall system logs: tail lines 500 mp-log ms.log If this does not reveal anything, worse case scenario, failover Firewall, reboot it and fail back. 

 

If the Firewall is connected to log collector and log forwarding has stopped, then latter of these commands will show you last time stamp of forwarded log. In this case, I would suggest to follow this KB to see you can restart log forwarding from Panorama side: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFCCA0

 

If the logs do not appear even locally in the Firewall, then potentially I would be looking into PAN-OS upgrade. I came across this issue in early releases of PAN-OS 9.1. What version are you running?

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

L2 Linker

Hi @PavelK,

 

Thank you for looking into this issue. Currently PA-850 pair is running on PAN-OS 8.1.13, firewalls are connected to log collector but suddenly log forwarding is stopped. I already followed this KB https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFCCA0 however still issue persists.

 

I will try these commands and analyze the output.

 

debug management-server log-collector-agent-status

request log-collector-forwarding status

 

Cyber Elite
Cyber Elite

Thank you for reply @Kathiravan_R

 

since PAN-OS 8.1 is already end of life, I would try to upgrade to 9.1.14 first. If your Panorama is running lower version than your target upgrade version, you should upgrade Panorama first. If upgrade does not resolve the issue, I would go through PCAP to see Firewall can establish session with log collector at all, then check system logs and debugs.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
  • 2743 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!