Traffic logs not shown the recent logs for particular source IP

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Traffic logs not shown the recent logs for particular source IP

L3 Networker

Hi Guys

 

One of our customer facing issue that unable to see recent traffic logs for particular source and destination in gui. But we could see the live session on cli by the command "show session all filter source 192.168.x.X destination 172.17.X.X".

 

Session working as expected. but we need to see the traffic logs on gui. restarted the mgmt server but no luck. anyone facing this kind of issue. please share your thoughts

 

Regards

Mohammed Asik

5 REPLIES 5

L6 Presenter

Hi @MohammedAsik ,

 

Just to confirm again, Is it happening for given specific source & IP addresses or you're not able to see traffic logs for all the traffic? If this is for only specific source & destination, please check if Log at Session Start and/or Log at Session End is enabled under Security Policy which is allowing this traffic. At least, Log at Session End should be is selected.

 

Hope it helps!

Mayur

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks

HI Mayur

 

Yes, Its happening only for specific source and destination. log session end and start were enabled on security policy.

 

One more time I explain you clearly. I have one security rule that contains 5 source ips from trust zone and one destination ip from another local zone. For 2 src IPs we haven't see the logs in Gu but for other 3 Ip's we are able see the logs which are in same security rule.

For those 2 src IP's traffic logs were received one day before.

 

Is there any process need to restart to to fix this issue ?

 

Regards

Mohammed Asik

We recently ran into a bug where the Palo was not logging some traffic if it hit a rule that did not have Zones defined.  Does your security rule happen to not have Zones defined?

Hi 

 

No, In security rule zones are defined

 

Regards

Mohammed Asik

Hi Guys

 

I have found the issue. Old session not get deleted. After I cleared the existing session ID by clear session id, firewall creates the new session and its created the logs in GUI

Now issue has been resolved. Thank you all 

Regards

Mohammed Asik

  • 7071 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!