- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
03-09-2023 05:16 AM
Hello again all,
My next hurdle is figuring out why my VM-Series firewalls aren't getting their logs to the panorama server.
I've checked the following soo far:
I'm unaware if I'm issuing any configuration points in the above.
If I go to the firewall and run a "debug management-server log-collector-agent-status" there are no agents listed. If I run a "show logging-status", I see a variety of collectors but they are all in a "lr - Inactive" state under connection status.
Any idea what I'm missing?
03-09-2023 01:44 PM
Hello @Verac22
thanks for the post!
Could you run on the Firewall side this command: "show log-collector preference-list"? If it does not return the IP addresses of Log Collectors, I would restart management process of the Firewall. Here is reference KB.
When you assigned the Firewalls to log collectors did you push the configuration to log collectors after you committed the change in Panorama? Without this step, the configuration will not be applied and logs will not come. Reference Step No.12, point No.8 in the Doc.
Kind Regards
Pavel
03-09-2023 01:44 PM
Hello @Verac22
thanks for the post!
Could you run on the Firewall side this command: "show log-collector preference-list"? If it does not return the IP addresses of Log Collectors, I would restart management process of the Firewall. Here is reference KB.
When you assigned the Firewalls to log collectors did you push the configuration to log collectors after you committed the change in Panorama? Without this step, the configuration will not be applied and logs will not come. Reference Step No.12, point No.8 in the Doc.
Kind Regards
Pavel
03-09-2023 01:50 PM
Restarting the management process did the trick. I BELIEVE I had done a push to device, though I could be wrong.
Bonus question: Do you know if there is a way to automate adding a firewall to collector groups's device log forwarding section? These firewalls can be stood up or down so right now I think I'll have to add/remove them manually if there is a teardown event.
03-10-2023 12:50 PM
Thank you for reply @Verac22
unfortunately, I am not aware of anything outside of steps for regular firewall onboarding in Step No.3, point No.6: Doc. If I come across something that addresses this, I will re-visit this post.
Kind Regards
Pavel
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!