This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

VM series firewalls not sending logs to Panorama

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

VM series firewalls not sending logs to Panorama

Go to solution
Verac22
L1 Bithead

‎03-09-2023 05:16 AM

Hello again all,

 

 

My next hurdle is figuring out why my VM-Series firewalls aren't getting their logs to the panorama server.

 

I've checked the following soo far:

  1. Network path between the firewalls and panorama look good. it's allowing ICMP and all TCP.
  2. Managed collectors (local to this panorama an an HA panorama) show green, in sync, green health status.
  3. There's just one collector group with with both of those collectors in it
  4. I've added the VM-series firewalls into the Device log forwarding section on the collector group
  5. In the firewall policies, there is traffic hitting them and the action is set to log and forward to a log forwarding profile
  6. log forwarding profile has objects to forward all traffic and threat logs to panorama.

I'm unaware if I'm issuing any configuration points in the above.

If I go to the firewall and run a "debug management-server log-collector-agent-status" there are no agents listed. If I run a "show logging-status", I see a variety of collectors but they are all in a "lr - Inactive" state under connection status.

 

Any idea what I'm missing?

 

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
PavelK
Cyber Elite
Cyber Elite

‎03-09-2023 01:44 PM

Hello @Verac22

 

thanks for the post!

 

Could you run on the Firewall side this command: "show log-collector preference-list"? If it does not return the IP addresses of Log Collectors, I would restart management process of the Firewall. Here is reference KB.

 

When you assigned the Firewalls to log collectors did you push the configuration to log collectors after you committed the change in Panorama? Without this step, the configuration will not be applied and logs will not come. Reference Step No.12, point No.8 in the Doc. 

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

View solution in original post

0 Likes Likes
(1)
3 REPLIES 3

Go to solution
PavelK
Cyber Elite
Cyber Elite

‎03-09-2023 01:44 PM

Hello @Verac22

 

thanks for the post!

 

Could you run on the Firewall side this command: "show log-collector preference-list"? If it does not return the IP addresses of Log Collectors, I would restart management process of the Firewall. Here is reference KB.

 

When you assigned the Firewalls to log collectors did you push the configuration to log collectors after you committed the change in Panorama? Without this step, the configuration will not be applied and logs will not come. Reference Step No.12, point No.8 in the Doc. 

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
0 Likes Likes
(1)

Go to solution
Verac22
L1 Bithead
In response to PavelK

‎03-09-2023 01:50 PM

Restarting the management process did the trick. I BELIEVE I had done a push to device, though I could be wrong.

 

Bonus question: Do you know if there is a way to automate adding a firewall to collector groups's device log forwarding section? These firewalls can be stood up or down so right now I think I'll have to add/remove them manually if there is a teardown event.

0 Likes Likes

Go to solution
PavelK
Cyber Elite
Cyber Elite

‎03-10-2023 12:50 PM

Thank you for reply @Verac22

 

unfortunately, I am not aware of anything outside of steps for regular firewall onboarding in Step No.3, point No.6: Doc. If I come across something that addresses this, I will re-visit this post.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
0 Likes Likes
  • 1 accepted solution
  • 2149 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks