This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

Config/System Logs Not Forwarding to Syslog Server

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Config/System Logs Not Forwarding to Syslog Server

V.Sambath
L2 Linker

‎03-26-2026 06:53 AM

I am currently facing an issue where Configuration and System logs are not being forwarded to the syslog server, even though the configuration appears to be correct.

  • Standalone Firewall
  • PAN-OS Version: 11.x
  • Syslog Server: (configured and reachable for traffic logs)

 

Anyone encountered this issue? despite being following the ref article by Palo? 

How to Forward Config Logs to Syslog Server 

 

1 person had this problem.
0 Likes Likes
6 REPLIES 6

V.Sambath
L2 Linker

‎03-26-2026 06:55 AM

 
Preview file
112 KB
Preview file
137 KB
0 Likes Likes

V.Sambath
L2 Linker
In response to V.Sambath

‎03-26-2026 06:59 AM

Config1.pngConfig2.png

0 Likes Likes

BPry
Cyber Elite

‎03-26-2026 07:03 AM

@V.Sambath,

A couple of questions:

  1. Was this working previously, or is this a brand new setup that has never worked?
  2. Have you verified whether or not you're actually seeing traffic from the firewall on the receiving node or not? Depending on the system and the way that it's configured, it could be dropping the logs because it's failing to parse them. 
  3. If the traffic crosses the dataplane (IE: if your MGMT interface routes through your firewall to reach your syslog server or you utilize a dataplane interface to send the logs) have you verified that the firewall is attempting to send the logs? 
0 Likes Likes

V.Sambath
L2 Linker
In response to BPry

‎03-26-2026 07:23 AM

1. This is an existing setup. Traffic and other logs are being successfully forwarded to the syslog server; however, Config and System logs have never been forwarded.

2. Service Route is currently set to "Use Default." 

3. Since traffic logs are working, it appears the dataplane path is fine. I also tried validating logs sent and I could see that Config logs are sent as expected. Below o/p, Config3.png

0 Likes Likes

ChrisWietharn
L1 Bithead

‎03-26-2026 08:26 AM

Having the same issue since early February, opened a case with Palo.

All other syslog types are sending

Running 11.1.13

CLI syslog forwarding show dequeued packets, but most of the time no sent packets.

Interesting on a reboot or restart of the management plane it will then dump all the config logs but still broke after the reboot.  Seeing dropped packets.  Palo and Syslog server are on the same zone.

Have a DR firewall same hardware, PAN-OS, syslog configuration and same syslog server and its working.

 

I believe Palo has a bug in 11.1

0 Likes Likes

V.Sambath
L2 Linker
In response to ChrisWietharn

‎04-06-2026 03:34 AM

@ChrisWietharn  Today I noticed a strange thing, when i execute >debug log-receiver statistics,  my Config logs written rate is not increasing whereas System logs are continue to increase. Despite of this, no logs are sent. I am gonna clear the session between Syslog and MGT IP and see the results. Has Palo provided a fix for this issue to date?

 

Line   22: Config logs written:           4334
Line 257: Config logs written:           4334
Line 491: Config logs written:           4334
0 Likes Likes
  • 860 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks