Issue with forwarding logs to Panorama

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Issue with forwarding logs to Panorama

L3 Networker

Hi Folks,

 

We have PA-7000 series firewall configured to forward logs to Panorama.

 

Recently the firewall stopped forwarding logs to Panorama. In the logrcvr msg we could see the below output. Here the 10.0.2.250 is the Panorama and the 10.0.2.252 is the firewall.

 

On the panorama device summary we could see that the firewall is showing as connected and we are able to commit and push the changes to Firewall from Panorma without any issues.

 

Do we need to configure LFC on PA-7000 series firewall to forward the logs to the Panorama. Is separate interface need to be configured to forward the logs to Panorama.

 

 

 

2022-03-22 11:20:07   2022-03-22 11:20:07.138 +0530 connecting to remote address 10.0.2.250 @ fd -1
s8lfp0    logrcvr.log                        2022-03-22 11:20:17   2022-03-22 11:20:17.148 +0530 Server IPv4 address 10.0.2.250
s8lfp0    logrcvr.log                        2022-03-22 11:20:17   2022-03-22 11:20:17.148 +0530 Client starting. addr=10.0.2.250 port=3978 retry=2
s8lfp0    logrcvr.log                        2022-03-22 11:20:17   2022-03-22 11:20:17.148 +0530 COMM: Source bind sock 23 to 10.0.2.252 before connect to remote ip [10.0.2.250] @port 3978
s8lfp0    logrcvr.log                        2022-03-22 11:20:20   2022-03-22 11:20:20.147 +0530 Error:  pan_comm_get_tcp_conn_gen(comm_utils.c:604): COMM: cannot connect. remote ip=10.0.2.250 port=3978 err=No route to host(148) sock=23
s8lfp0    logrcvr.log                        2022-03-22 11:20:20   2022-03-22 11:20:20.147 +0530 connecting to remote address 10.0.2.250 @ fd -1
s8lfp0    logrcvr.log                        2022-03-22 11:20:30   2022-03-22 11:20:30.158 +0530 Server IPv4 address 10.0.2.250
s8lfp0    logrcvr.log                        2022-03-22 11:20:30   2022-03-22 11:20:30.158 +0530 Client starting. addr=10.0.2.250 port=3978 retry=3
s8lfp0    logrcvr.log                        2022-03-22 11:20:30   2022-03-22 11:20:30.158 +0530 COMM: Source bind sock 23 to 10.0.2.252 before connect to remote ip [10.0.2.250] @port 3978
s8lfp0    logrcvr.log                        2022-03-22 11:20:33   2022-03-22 11:20:33.157 +0530 Error:  pan_comm_get_tcp_conn_gen(comm_utils.c:604): COMM: cannot connect. remote ip=10.0.2.250 port=3978 err=No route to host(148) sock=23
s8lfp0    logrcvr.log                        2022-03-22 11:20:33   2022-03-22 11:20:33.157 +0530 connecting to remote address 10.0.2.250 @ fd -1
s8lfp0    logrcvr.log                        2022-03-22 11:20:43   2022-03-22 11:20:43.168 +0530 Server IPv4 address 10.0.2.250
s8lfp0    logrcvr.log                        2022-03-22 11:20:43   2022-03-22 11:20:43.168 +0530 Client starting. addr=10.0.2.250 port=3978 retry=4
s8lfp0    logrcvr.log                        2022-03-22 11:20:43   2022-03-22 11:20:43.168 +0530 COMM: Source bind sock 23 to 10.0.2.252 before connect to remote ip [10.0.2.250] @port 3978
s8lfp0    logrcvr.log                        2022-03-22 11:20:46   2022-03-22 11:20:46.167 +0530 Error:  pan_comm_get_tcp_conn_gen(comm_utils.c:604): COMM: cannot connect. remote ip=10.0.2.250 port=3978 err=No route to host(148) sock=23
s8lfp0    logrcvr.log                        2022-03-22 11:20:46   2022-03-22 11:20:46.167 +0530 connecting to remote address 10.0.2.250 @ fd -1
s8lfp0    logrcvr.log                        2022-03-22 11:20:56   2022-03-22 11:20:56.177 +0530 Error:  pan_conn_mgr_do_connect(cs_conn.c:11788): Failed to connect to ip address: 10.0.2.250. Timing out
s8lfp0    logrcvr.log                        2022-03-22 11:20:56   2022-03-22 11:20:56.178 +0530 Error:  pan_conn_mgr_connect_to_server_impl(cs_conn.c:12329): Not able to connect() to server 10.0.2.250

log 

0 REPLIES 0
  • 1494 Views
  • 0 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!