Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
06-19-2022 10:04 PM
Log-collector status show as active and connected. Checked the logging status and based on the time stamp, observed that log creating and log forwarding are stopped. So panorama is not showing a logs for pair of PA-850 firewalls.
We have tried restarting the management server on managed firewalls but it didn't helped.
Any suggestion and helps are highly appreciated.
06-19-2022 11:17 PM
Hello @Kathiravan_R
under assumption that you can see all the logs locally on the Firewall, I would perform below commands on Firewall to confirm log forwarding status:
debug management-server log-collector-agent-status
request log-collector-forwarding status
If the Firewall is not connected to log collector, I would be looking further into connectivity issue. Running packet capture might uncover the issue. Assuming you are using management interface for communication with Panorama, I would follow this KB with log collector's IP address as destination filter: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CleECAS
If there is nothing obvious in pcap file, then as a next step I would be looking into Firewall system logs: tail lines 500 mp-log ms.log If this does not reveal anything, worse case scenario, failover Firewall, reboot it and fail back.
If the Firewall is connected to log collector and log forwarding has stopped, then latter of these commands will show you last time stamp of forwarded log. In this case, I would suggest to follow this KB to see you can restart log forwarding from Panorama side: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFCCA0
If the logs do not appear even locally in the Firewall, then potentially I would be looking into PAN-OS upgrade. I came across this issue in early releases of PAN-OS 9.1. What version are you running?
Kind Regards
Pavel
06-20-2022 04:04 AM
Hi @PavelK,
Thank you for looking into this issue. Currently PA-850 pair is running on PAN-OS 8.1.13, firewalls are connected to log collector but suddenly log forwarding is stopped. I already followed this KB https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFCCA0 however still issue persists.
I will try these commands and analyze the output.
debug management-server log-collector-agent-status
request log-collector-forwarding status
06-20-2022 02:57 PM
Thank you for reply @Kathiravan_R
since PAN-OS 8.1 is already end of life, I would try to upgrade to 9.1.14 first. If your Panorama is running lower version than your target upgrade version, you should upgrade Panorama first. If upgrade does not resolve the issue, I would go through PCAP to see Firewall can establish session with log collector at all, then check system logs and debugs.
Kind Regards
Pavel
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
