Panorama receiving logs but stop showing in GUI

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Panorama receiving logs but stop showing in GUI

L2 Linker

I found the issue about Panorama receives logs just fine but on GUI stop and saw the last record was two weeks ago, not show new log on GUI.

 

  • I try to restart process logd and restarted management server but not fix.
  • I found disks shows unavailable in panorama.
  • Status elasticsearch process is running and status log collector is green.
  • Panorama 10.1.6-h6

Screen Shot 2565-11-24 at 10.07.51.pngScreen Shot 2565-11-24 at 10.13.36.png

 

Please let me know, If someone who know the way to fix this issue. 

 

Panorama 

1 accepted solution

Accepted Solutions

L4 Transporter

H @Jitaphon i, something similar happened to me.

 

The solution by TAC, in the first instance was to restart the elasticsearch service in PANORAMA. Despite the restart, the service was not up, therefore the solution from TAC was directly the restart.

 

We decided to take advantage of the restart to upgrade from 9.1.4 to 9.1.14. After the reboot, the logs are gradually appearing correctly in PANORAMA.

 

Best regards

High Sticker

View solution in original post

4 REPLIES 4

L4 Transporter

H @Jitaphon i, something similar happened to me.

 

The solution by TAC, in the first instance was to restart the elasticsearch service in PANORAMA. Despite the restart, the service was not up, therefore the solution from TAC was directly the restart.

 

We decided to take advantage of the restart to upgrade from 9.1.4 to 9.1.14. After the reboot, the logs are gradually appearing correctly in PANORAMA.

 

Best regards

High Sticker

L1 Bithead

Can you paste the output of 

"show log-collector-es-cluster health"

Do you have any unallocated shards?

L2 Linker

Thanks, after restart elasticsearch process, we found log already shows on GUI Panorama and the collector statistics status is available. So, the possible cause of the issue is after pan-os upgrading and rebooting right?

Most likely yes. In my case it was only after restarting Panorama (but elasticsearch had unallocated shards and support had to delete them with root access). Good news is, upgrading from 10.2.2 to 10.2.3 had no problems with elasticsearch. Did you perhaps changed Panorama mode from Legacy to Panorama? That may have also caused the issue.

  • 1 accepted solution
  • 3690 Views
  • 4 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!