07-24-2014 09:43 AM
Today I have found some problem with network traffic logs in PAN OS 5.0.3. I am not getting proper logs of network traffic. Any suggestions?
Are you unable to see logs under Monitor > Traffic?
You may check with the CLI command below to confirm that the PAN firewall is generating traffic logs:
admin@31-PA-3020> debug log-receiver statistics
Log incoming rate: 2/sec
Log written rate: 2/sec >>>>>>>>>>>>>>>>>>>>>
Corrupted packets: 0
Corrupted URL packets: 0
Logs discarded (queue full): 0
Traffic logs written: 504023
URL logs written: 2133
Wildfire logs written: 0
Anti-virus logs written: 0
Spyware logs written: 5009
Attack logs written: 0
Vulnerability logs written: 36
Fileext logs written: 69
URL cache age out count: 1826
URL cache full count: 0
URL cache key exist count: 0
Traffic alarms dropped due to sysd write failures: 0
Traffic alarms dropped due to global rate limiting: 0
Traffic alarms dropped due to each source rate limiting: 0
Traffic alarms generated count: 0 >>>>>>>>>>>>>>>>>>>>>>>>
Log Forward count: 0
Log Forward discarded (queue full) count: 0
Log Forward discarded (send error) count: 0
Num current drop entries in trsum:0
Num cumulative drop entries in trsum:0
Num current drop entries in thsum:0
Num cumulative drop entries in thsum:0
External Forwarding stats:
Type Enqueue Count Send Count Drop Count Queue Depth Send Rate(last 1min)
syslog 511369 511368 1 0 0
snmp 0 0 0 0 0
email 0 0 0 0 0
raw 511369 511369 0 0 0
Can you please give more details on "proper log"? Does it show any logs or no logs?
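An added example, not part of the original reply and not Palo Alto tooling: a Python script that parses the `debug log-receiver statistics` output shown above and flags counters that point to logs being lost rather than merely delayed. The function names and the choice of which counters count as a loss indicator are assumptions; the sample text is an excerpt copied from the post.

```python
import re

# Excerpt of the output posted above (only lines the checks below use).
SAMPLE = """\
Log incoming rate: 2/sec
Log written rate: 2/sec >>>>>>>>>>>>>>>>>>>>>
Corrupted packets: 0
Logs discarded (queue full): 0
Log Forward discarded (queue full) count: 0
Log Forward discarded (send error) count: 0
External Forwarding stats:
Type Enqueue Count Send Count Drop Count Queue Depth Send Rate(last 1min)
syslog 511369 511368 1 0 0
snmp 0 0 0 0 0
raw 511369 511369 0 0 0
"""

def parse_stats(text):
    """Split the output into 'name: value' counters and per-type forwarding rows."""
    counters, forwarding = {}, {}
    for line in text.splitlines():
        line = line.split(">>")[0].strip()  # drop the poster's ">>>>" highlight marks
        kv = re.match(r"^(.+?):\s*(\d+)(?:/sec)?$", line)
        row = re.match(r"^(\w+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)$", line)
        if kv:
            counters[kv.group(1)] = int(kv.group(2))
        elif row:
            keys = ("enqueue", "send", "drop", "queue_depth", "send_rate")
            forwarding[row.group(1)] = dict(zip(keys, map(int, row.groups()[1:])))
    return counters, forwarding

def find_log_loss(text):
    """Return findings that suggest logs are lost (assumed indicators, see lead-in)."""
    counters, forwarding = parse_stats(text)
    findings = []
    if counters.get("Log written rate", 0) < counters.get("Log incoming rate", 0):
        findings.append("written rate below incoming rate")
    for name, value in counters.items():
        if value and ("discarded" in name or "Corrupted" in name or "dropped" in name):
            findings.append(f"{name}: {value}")
    for kind, row in forwarding.items():
        if row["drop"]:
            findings.append(f"{kind} forwarding dropped {row['drop']} of {row['enqueue']}")
    return findings

if __name__ == "__main__":
    for finding in find_log_loss(SAMPLE):
        print(finding)
```

On the posted output the only finding is the single dropped syslog message; the local write counters show no discards, which matches the later replies attributing the gap to session-end logging rather than log loss.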
07-24-2014 09:57 AM
What log settings are enabled in the security-policy:
07-24-2014 10:32 AM
I have not tried with the CLI, but in the GUI I am not able to find out. If any log comes in the Monitor tab, it takes around a 20-30 minute gap.
07-24-2014 10:35 AM
Let's say you are browsing; then you are supposed to close the page in the browser. So the session is terminated and the firewall generates a log.
If not, it waits until the session timeout and then generates the log.
07-24-2014 10:43 AM
As Hardik said, you need to close the browser or connection to generate traffic logs (assuming that you have only enabled "log at session end" on the security policy). Otherwise, it will keep the session active until the default session timeout value.
Default timeout values are given below:
TCP default timeout: 3600 secs
TCP session timeout before SYN-ACK received: 5 secs
TCP session timeout before 3-way handshaking: 10 secs
TCP session timeout after FIN/RST: 30 secs
UDP default timeout: 30 secs
ICMP default timeout: 6 secs
other IP default timeout: 30 secs
Captive Portal session timeout: 30 secs
Session timeout in discard state:
TCP: 90 secs, UDP: 60 secs, other IP protocols: 60 secs
Hope this helps.
07-24-2014 10:57 AM
Thanks for the reply, dude... _/\_