We have a set of NGFWs that somehow are pointed to an old tenant ID and therefor not dropping the logs into the CDL. We have put in a TAC case but haven't gotten any resolution as of yet.
Is there a way in the CLI to change the tenant ID? Or is this a log forwarding profile issue?
Any assistance would be helpful.
I know your request is about 3 weeks ago, but I thought I would respond back.
First, there is no way to change the tenant ID.
But, maybe there are cli commands to clear out the entire CDL/tenant ID certs and program back in the correct ones.
These maybe old commands, but here is generally what I was thinking:
debug plugins cloud_services reset-endpoint
debug plugins cloud_services prisma-access get-job-result
debug software restart process dirsyncd core yes
FW> delete license key *key
FW> request license fetch
FW> request logging-service-forwarding certificate delete
FW> request logging-service-forwarding certificate fetch
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!