08-01-2022 12:13 PM - edited 08-01-2022 09:28 PM
Hello good afternoon, as always thanks for the support and collaboration:
I recently added a couple of Raid to m-100, as these were not configured, I made the settings at log setting level to send only configuration and system logs of the firewalls. At the configuration level, everything is fine, from panorama to the firewalls, so that the log setting has the Panorama checkbox, Device-Log-Settings, of system logs, as the configuration log, without filters in both cases, ie "All Log" in all of firewalls.
Everything is fine from the local configuration of the managed collector and the collector group. It appears in the Panorama gui as Connected and In sync, in green everything ok. all ready with the respective commit and push to the local collector. Although it is only one local collector, add the Device Log Forwarding list, all the firewalls and pointing to the local collector, the only one.
The issue is that in Panorama, I go to check the logs, I go to Monitor to the Log part "System" and "Configuration" I see nothing in Panorama, absolutely nothing ... I go to the firewall directly and if there are system and configuration logs.
I have already validated the connectivity and port issues and everything is ok without restrictions.
Infra-environment: Firewalls Pan-os 9.1.4 and M-100 Panorama.
What do you suggest to check, adjust, reboot, restart,etc ?
I remain attentive
Thank you, best regards
08-01-2022 06:42 PM
Hello @Metgatz
could you confirm that Panorama managed Firewalls are configured to send system and configuration logs to Panorama? Please refer in Firewall to Device > Log Settings > System/Configuration. Make sure that "Panorama" check box is selected.
Kind Regards
Pavel
08-01-2022 09:27 PM
Hello @PavelK
Thank you for your response
Good evening, yes that is correct, this is also already configured in all the firewalls.
The log configuration has the Panorama, Device-Log-Settings checkbox, of the system logs, as of the configuration log, without filters in both cases, i.e. "All Log" in all of firewalls.
08-01-2022 11:34 PM
Thank you for reply @Metgatz
could you confirm in Panorama that Firewalls are sending System/Configuration logs?
Could you login to log collector, then issue: show logging-status device <Serial Number of one of the Firewall>
In the bottom part of the output, there should be entry for config and system logs with "Last Log Rcvd". If you see that logs are coming in, then the issue is within Panorama.
Could you also confirm that under: Collector Group > General > Log Storage > Log Storage Settings > Infrastructure and Audit Logs, there is allocated quota?
Kind Regards
Pavel
08-11-2022 06:47 PM
I have seen a similar thing after recently updating Panorama from 9.1 to 10.1. The update required a disk rebuilt to provide sufficient space. In Panorama, under monitor -> logs, there is no longer a system or configuration menu item
08-19-2022 01:16 PM
Hello, good afternoon.
What you mention yes, it is already configured.
When checking by serial number-SN, from Panorama, in CLI, indeed, it shows date and time of configuration and system logs, this clear at CLI level.
We restarted the management server of both the firewalls and Panorama and no, if one checks the tab, Monitor, Logs, neither in All appear logs of the firewalls, nor the "Icons of the system or configuration logs", when one selects the corresponding device group.
At raid level Two Raid OK ( PA-52XX ), everything is ok, at collector and group level also ok configured, Device forwarding is set, pointing all the firewalls to the only collector, the local collector of Panorama. Checking from the direct Firewall if there are logs, in system and configuration, but in Panorama, Monitor-Logs, not even the System or Configuration Icons appear.
At the connectivity level there are no issues, everything is working fine in terms of config push, etc.
PAN-OS 9.1.4 both in Panorama and in the firewalls.
Please support me with steps to follow, suggestions, etc.
Thank you very much for your help.
I remain attentive
Best regards
08-21-2022 04:24 PM
Thank you for reply @Metgatz
what you described is expected behavior. You will only see Configuration and System logs when you select: "All" top of the hierarchy of Device Group:
By selecting a Device Group that is lower in the hierarchy, you will not see the Configuration and System log tabs.
Kind Regards
Pavel
08-21-2022 04:32 PM
Hello, thank you for your reply.
As I put in the previous comment, when I put "All" I do not see any log, except the logs of PANORAMA itself, but of the firewalls, nothing.
Everything is already well configured, disks, local collector, preference list, log settings in the firewalls, etc. Everything appears connected, in green, via cli indicates that the logs are supposed to be arriving, the management servers of Panorama and the firewalls have been restarted and nothing, there are still no logs in PANORAMA.
Please your support, suggestions, etc. to solve this problem.
I remain attentive to your comments.
Thanks
Best regards
08-21-2022 08:44 PM
Thank you for reply @Metgatz
since you mentioned you are running 9.1.4, as a next step I would personally recommend an upgrade to 9.1.14-h4.
Kind Regards
Pavel
11-23-2022 01:07 PM
Hello @Rajsv
Something similar happened to me.
Check if the elasticsearch service is running.
show system software status | match elasticsearch
If not restart it:
debug software restart process elasticsearch
show system software status | match elasticsearch
Also validate if the firewalls are sending logs.
Something similar happened to me, it is supposed to take hours for the logs to be indexed. In my case despite them I finally had to restart PANORAMA, because despite forcing elasticsearch to restart it was not active again.
Good luck
Regards
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
