PANORAMA does not show the configuration or system logs of the firewalls

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PANORAMA does not show the configuration or system logs of the firewalls

L4 Transporter

Hello good afternoon, as always thanks for the support and collaboration:

 

I recently added a couple of Raid to m-100, as these were not configured, I made the settings at log setting level to send only configuration and system logs of the firewalls. At the configuration level, everything is fine, from panorama to the firewalls, so that the log setting has the Panorama checkbox, Device-Log-Settings, of system logs, as the configuration log, without filters in both cases, ie "All Log" in all of firewalls.

 

Everything is fine from the local configuration of the managed collector and the collector group. It appears in the Panorama gui as Connected and In sync, in green everything ok. all ready with the respective commit and push to the local collector. Although it is only one local collector, add the Device Log Forwarding list, all the firewalls and pointing to the local collector, the only one.

 

The issue is that in Panorama, I go to check the logs, I go to Monitor to the Log part "System" and "Configuration" I see nothing in Panorama, absolutely nothing ... I go to the firewall directly and if there are system and configuration logs.

 

I have already validated the connectivity and port issues and everything is ok without restrictions.

Infra-environment: Firewalls Pan-os 9.1.4 and M-100 Panorama.

 

What do you suggest to check, adjust, reboot, restart,etc ?

 

I remain attentive

 

Thank you, best regards

High Sticker
11 REPLIES 11

Cyber Elite
Cyber Elite

Hello @Metgatz

 

could you confirm that Panorama managed Firewalls are configured to send system and configuration logs to Panorama? Please refer in Firewall to Device > Log Settings > System/Configuration. Make sure that "Panorama" check box is selected.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

Hello @PavelK 


Thank you for your response

Good evening, yes that is correct, this is also already configured in all the firewalls.
The log configuration has the Panorama, Device-Log-Settings checkbox, of the system logs, as of the configuration log, without filters in both cases, i.e. "All Log" in all of firewalls.

High Sticker

Cyber Elite
Cyber Elite

Thank you for reply @Metgatz

 

could you confirm in Panorama that Firewalls are sending System/Configuration logs?

Could you login to log collector, then issue: show logging-status device <Serial Number of one of the Firewall>

In the bottom part of the output, there should be entry for config and system logs with "Last Log Rcvd". If you see that logs are coming in, then the issue is within Panorama.

 

Could you also confirm that under: Collector Group > General > Log Storage > Log Storage Settings > Infrastructure and Audit Logs, there is allocated quota?

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

I have seen a similar thing after recently updating Panorama from 9.1 to 10.1.  The update required a disk rebuilt to provide sufficient space. In Panorama, under monitor -> logs, there is no longer a system or configuration menu item

Hello, good afternoon.

 

What you mention yes, it is already configured.

 

When checking by serial number-SN, from Panorama, in CLI, indeed, it shows date and time of configuration and system logs, this clear at CLI level.

 

We restarted the management server of both the firewalls and Panorama and no, if one checks the tab, Monitor, Logs, neither in All appear logs of the firewalls, nor the "Icons of the system or configuration logs", when one selects the corresponding device group.

 

At raid level Two Raid OK ( PA-52XX ), everything is ok, at collector and group level also ok configured, Device forwarding is set, pointing all the firewalls to the only collector, the local collector of Panorama. Checking from the direct Firewall if there are logs, in system and configuration, but in Panorama, Monitor-Logs, not even the System or Configuration Icons appear.

 

At the connectivity level there are no issues, everything is working fine in terms of config push, etc.

 

PAN-OS 9.1.4 both in Panorama and in the firewalls.

 

Please support me with steps to follow, suggestions, etc.

 

Thank you very much for your help.

 

I remain attentive

 

Best regards

High Sticker

Cyber Elite
Cyber Elite

Thank you for reply @Metgatz

 

what you described is expected behavior. You will only see Configuration and System logs when you select: "All" top of the hierarchy of Device Group:

 

PavelK_0-1661124085319.png

By selecting a Device Group that is lower in the hierarchy, you will not see the Configuration and System log tabs.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

Hello, thank you for your reply.

 

As I put in the previous comment, when I put "All" I do not see any log, except the logs of PANORAMA itself, but of the firewalls, nothing.

 

Everything is already well configured, disks, local collector, preference list, log settings in the firewalls, etc. Everything appears connected, in green, via cli indicates that the logs are supposed to be arriving, the management servers of Panorama and the firewalls have been restarted and nothing, there are still no logs in PANORAMA.

 

Please your support, suggestions, etc. to solve this problem.

 

I remain attentive to your comments.

 

Thanks

 

Best regards

 

High Sticker

Cyber Elite
Cyber Elite

Thank you for reply @Metgatz

 

since you mentioned you are running 9.1.4, as a next step I would personally recommend an upgrade to 9.1.14-h4.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

L0 Member

We are already running 9.1.14-h4 on firewalls and recently few days back we upgraded our Panorama to 10.1.8 and do not see System logs of firewalls any more on DG: All

Hello @Rajsv 

 

Something similar happened to me.

Check if the elasticsearch service is running.

show system software status | match elasticsearch

If not restart it:

debug software restart process elasticsearch

show system software status | match elasticsearch

Also validate if the firewalls are sending logs.

Something similar happened to me, it is supposed to take hours for the logs to be indexed. In my case despite them I finally had to restart PANORAMA, because despite forcing elasticsearch to restart it was not active again.

 

Good luck

 

Regards

High Sticker

L0 Member

Firewalls are sending logs for sure, we could see traffic logs but the system logs are missing. elasticsearch is running and also we rebooted Panorama in between, still no luck.

  • 7058 Views
  • 11 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!