Setting up log collection in Panorama

L2 Linker

Hi,

 

Very new to Palo, just doing a PoC in AWS at the moment.

 

I've got Panorama and 2 VM-100 firewalls deployed. Trying to get traffic logs from the firewalls into Panorama. I've used the two links below to configure it

 

https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/manage-log-collection/log-collection-...

https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/manage-log-collection/configure-log-f...

 

Everything appears to be setup as per the documentation. Rules are logging, I can see them in the firewall GUI, but no logs appear in the Panorama GUI.

 

Any suggestions on further debug?

6 Replies

Cyber Elite

Hello @alan-griffiths

 

Since it is a new installation, it could be anything at this stage. To isolate the issue to either the Firewall or the Panorama side, could you please run the commands below and share the output:

 

Firewall:

show log-collector preference-list

show logging-status

 

Panorama:

show logging-status device <serial number of Firewall>

 

Depending on the output from the above commands, I would set the next course of action. However, as a general note, make sure that the Firewall as well as Panorama are set to the same time/time zone: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClXACA0 and make sure that the Firewall is added to the log collector under: Panorama > Collector Groups > [Collector Name] > Device Log Forwarding > Devices > Modify > [Select Firewall] and press OK to apply. Do not forget to commit this change and push the configuration to the log collector under Commit > Push to Devices > Edit Selection > Collector Groups > [Collector Name] > OK.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

On the firewall

admin@ip-10-201-50-52> show log-collector preference-list 

Log Collector Preference List
Forward to all: No
Serial Number: 000710009677 IP Address: 10.201.24.12 IPV6 Address: unknown

admin@ip-10-201-50-52> show logging-status


-----------------------------------------------------------------------------------------------------------------------------
      Type      Last Log Created        Last Log Fwded       Last Seq Num Fwded  Last Seq Num Acked         Total Logs Fwded
-----------------------------------------------------------------------------------------------------------------------------

Log Collector           :       CMS 0
Connection IP           :     lr-cms0
Conn Source IP          : lr - def
High speed mode         :    Disabled
Connection Status       : lr - Inactive
Rate                    :  0 logs/sec

      traffic         Not Available         Not Available                        0                   0                        0
       threat         Not Available         Not Available                        0                   0                        0
     hipmatch         Not Available         Not Available                        0                   0                        0
   gtp-tunnel         Not Available         Not Available                        0                   0                        0
         auth         Not Available         Not Available                        0                   0                        0
        iptag         Not Available         Not Available                        0                   0                        0
       userid         Not Available         Not Available                        0                   0                        0
         sctp         Not Available         Not Available                        0                   0                        0
   decryption         Not Available         Not Available                        0                   0                        0
       config         Not Available         Not Available                        0                   0                        0
       system         Not Available         Not Available                        0                   0                        0
globalprotect         Not Available         Not Available                        0                   0                        0


Log Collector           : 000710009677
Connection IP           : lr-10.201.24.12
Conn Source IP          : lr - def
High speed mode         :    Disabled
Connection Status       : lr - Inactive
Rate                    :  0 logs/sec

      traffic         Not Available         Not Available                        0                   0                        0
       threat         Not Available         Not Available                        0                   0                        0
     hipmatch         Not Available         Not Available                        0                   0                        0
   gtp-tunnel         Not Available         Not Available                        0                   0                        0
         auth         Not Available         Not Available                        0                   0                        0
        iptag         Not Available         Not Available                        0                   0                        0
       userid         Not Available         Not Available                        0                   0                        0
         sctp         Not Available         Not Available                        0                   0                        0
   decryption         Not Available         Not Available                        0                   0                        0
       config         Not Available         Not Available                        0                   0                        0
       system         Not Available         Not Available                        0                   0                        0
globalprotect         Not Available         Not Available                        0                   0                        0


Log Collector           :            
Connection IP           :     lr-cms1
Conn Source IP          : lr - def
High speed mode         :    Disabled
Connection Status       : lr - Inactive
Rate                    :  0 logs/sec

      traffic         Not Available         Not Available                        0                   0                        0
       threat         Not Available         Not Available                        0                   0                        0
     hipmatch         Not Available         Not Available                        0                   0                        0
   gtp-tunnel         Not Available         Not Available                        0                   0                        0
         auth         Not Available         Not Available                        0                   0                        0
        iptag         Not Available         Not Available                        0                   0                        0
       userid         Not Available         Not Available                        0                   0                        0
         sctp         Not Available         Not Available                        0                   0                        0
   decryption         Not Available         Not Available                        0                   0                        0
       config         Not Available         Not Available                        0                   0                        0
       system         Not Available         Not Available                        0                   0                        0
globalprotect         Not Available         Not Available                        0                   0                        0

On the Panorama

admin@Panorama> show logging-status device 007955000324512

      Type            Last Log Rcvd        Last Seq Num Rcvd       Last Log Generated


Source IP         : Default
Destination IP    : Default
Source Daemon     : unknown
Connection Id      : 007955000324512
Log rate: 0
    config                      N/A                      N/A                      N/A
    system                      N/A                      N/A                      N/A
    threat                      N/A                      N/A                      N/A
   traffic                      N/A                      N/A                      N/A
  hipmatch                      N/A                      N/A                      N/A
gtp-tunnel                      N/A                      N/A                      N/A
    userid                      N/A                      N/A                      N/A
     iptag                      N/A                      N/A                      N/A
      auth                      N/A                      N/A                      N/A
      sctp                      N/A                      N/A                      N/A
decryption                      N/A                      N/A                      N/A
globalprotect                      N/A                      N/A                      N/A

Regards timezone, I can confirm both Panorama and Firewalls are configured for Etc/UTC and synced with NTP.

See attached screenshot for log collector group.

Cyber Elite

Thank you for the reply @alan-griffiths

Based on the output you provided, there is a connection issue. The connection status is "inactive".

 

Could you please confirm the status of the Firewall in Panorama under: Panorama > Managed Devices > Summary. If the status is not connected, could you go through this KB: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaWCAS

 

If anything in the above KB provides a solution, could you check on the Firewall side from CLI logs: tail lines 500 mp-log ms.log

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
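The check applied in the reply above (find the collector named in the preference list, then read its Connection Status in `show logging-status`) can be scripted. The following Python is an added example, not code from the thread or from Palo Alto Networks; the function names are hypothetical, and the "healthy" sample with its timestamp layout and counters is constructed.

```python
import re

# Firewall CLI output, abridged from the output posted in this thread.
PREF_LIST = """\
Log Collector Preference List
Forward to all: No
Serial Number: 000710009677 IP Address: 10.201.24.12 IPV6 Address: unknown
"""

STATUS_FROM_THREAD = """\
Log Collector           :       CMS 0
Connection IP           :     lr-cms0
Conn Source IP          : lr - def
High speed mode         :    Disabled
Connection Status       : lr - Inactive
Rate                    :  0 logs/sec

      traffic         Not Available         Not Available                        0                   0                        0
       threat         Not Available         Not Available                        0                   0                        0

Log Collector           : 000710009677
Connection IP           : lr-10.201.24.12
Conn Source IP          : lr - def
High speed mode         :    Disabled
Connection Status       : lr - Inactive
Rate                    :  0 logs/sec

      traffic         Not Available         Not Available                        0                   0                        0
       threat         Not Available         Not Available                        0                   0                        0
"""

# Constructed sample of a healthy connection; the timestamp layout and the
# counter values are assumptions, not output from the thread.
STATUS_HEALTHY = """\
Log Collector           : 000710009677
Connection IP           : lr-10.201.24.12
Connection Status       : lr - Active
Rate                    :  3 logs/sec

      traffic   2022/08/26 12:48:50   2022/08/26 12:48:57     5120     5118     5120
       threat         Not Available         Not Available        0        0        0
"""

PREF_RE = re.compile(r"Serial Number:\s*(\S+)\s+IP Address:\s*(\S+)")
FIELD_RE = re.compile(
    r"^(Log Collector|Connection IP|Connection Status|Rate)\s*:\s*(.*?)\s*$")
# <log type> <two timestamp-or-"Not Available" columns> <fwd> <acked> <total>
ROW_RE = re.compile(r"^([a-z][a-z-]*)\s+(.+?)\s+(\d+)\s+(\d+)\s+(\d+)$")


def parse_preference_list(text):
    """Return {collector serial: IPv4 address} from the preference list."""
    return dict(PREF_RE.findall(text))


def parse_logging_status(text):
    """Split 'show logging-status' into one dict per 'Log Collector' block."""
    blocks, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        field = FIELD_RE.match(line)
        if field:
            key, value = field.groups()
            if key == "Log Collector":
                cur = {"collector": value, "ip": "", "status": "",
                       "rate": "", "types": {}}
                blocks.append(cur)
            elif cur is not None and key == "Connection IP":
                cur["ip"] = value[3:] if value.startswith("lr-") else value
            elif cur is not None and key == "Connection Status":
                # "lr - Inactive" -> "inactive"
                cur["status"] = value.rsplit("-", 1)[-1].strip().lower()
            elif cur is not None:
                cur["rate"] = value
            continue
        row = ROW_RE.match(line)
        if row and cur is not None:
            cur["types"][row.group(1)] = {"fwd": int(row.group(3)),
                                          "acked": int(row.group(4)),
                                          "total": int(row.group(5))}
    return blocks


def diagnose(pref_text, status_text):
    """Give a verdict for every collector the firewall is told to use."""
    blocks = parse_logging_status(status_text)
    verdicts = {}
    for serial, ip in parse_preference_list(pref_text).items():
        block = next((b for b in blocks
                      if b["collector"] == serial or b["ip"] == ip), None)
        if block is None:
            verdicts[serial] = "not-listed"
        elif block["status"] != "active":
            verdicts[serial] = "inactive"
        elif sum(t["total"] for t in block["types"].values()) == 0:
            verdicts[serial] = "active-idle"
        else:
            verdicts[serial] = "active-forwarding"
    return verdicts


if __name__ == "__main__":
    print(diagnose(PREF_LIST, STATUS_FROM_THREAD))
    print(diagnose(PREF_LIST, STATUS_HEALTHY))
```

A verdict of "active-forwarding" only covers the firewall side; whether the logs appear in Panorama still has to be checked there with `show logging-status device <serial number of Firewall>`.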

Firewall is reported as connected and In Sync.

Log is below

admin@ip-10-201-50-52> tail lines 500 mp-log ms.log 
2022-08-24 08:11:53.353 -0700 ===================== MS: start ======================
2022-08-24 08:11:53.355 -0700 MS: SSL lib initialized
2022-08-24 08:11:53.355 -0700 Warning:  pan_hash_init(pan_hash.c:113): nbuckets 2000 is not power of 2!
2022-08-24 08:11:53.355 -0700 Warning:  pan_hash_init(pan_hash.c:113): nbuckets 2000 is not power of 2!
2022-08-24 08:11:53.355 -0700 Warning:  pan_hash_init(pan_hash.c:113): nbuckets 2000 is not power of 2!
2022-08-24 08:11:53.355 -0700 MS: connection manager initialized
2022-08-24 08:11:53.370 -0700 sysd worker[0]: 7f1b944ff700: starting up...
2022-08-24 08:11:53.462 -0700 Error:  _glob_err_handler(pan_mgt_exec.c:552): Error occurred at /opt/pancfg/mgmt/saved-configs, (code : 2 ; message : No such file or directory)
2022-08-24 08:11:53.462 -0700 Error:  pan_sys_exec_expand_wildcard(pan_mgt_exec.c:573): get a read error
2022-08-24 08:11:53.462 -0700 Removing /tmp/.iddone in pan_cfg_remove_temporary_files
2022-08-24 08:11:53.482 -0700 Error:  pan_dir_create(pan_fs.c:301): failed to create dir /tmp/pan wih error 17
2022-08-24 08:11:53.689 -0700 succeed to initialize xslt security preference
2022-08-24 08:11:53.690 -0700 Not connected to sysd yet. Sleeping for 5 second..
2022-08-24 08:11:53.696 -0700 sysd worker[0]: 7f1b920f8700: starting up...
2022-08-24 08:11:53.696 -0700 sysd worker[0]: 7f1b938fd700: starting up...
2022-08-24 08:11:53.696 -0700 sysd worker[1]: 7f1b934fc700: starting up...
2022-08-24 08:11:53.696 -0700 sysd worker[2]: 7f1b930fb700: starting up...
2022-08-24 08:11:53.696 -0700 sysd worker[3]: 7f1b92cfa700: starting up...
2022-08-24 08:11:55.358 -0700 Sysd Event: SUCCESS
2022-08-24 08:11:55.690 -0700 Sysd Event: SUCCESS
2022-08-24 08:11:55.690 -0700 connected to sysd
2022-08-24 08:11:55.690 -0700 config manager:connected to sysd
2022-08-24 08:11:55.694 -0700 Management server started. Running version 10.1.6
2022-08-24 08:11:55.694 -0700 sw detail version 10.1.6
2022-08-24 08:11:55.695 -0700 Error:  _pan_cfg_parse_secure_conn_mgmt_settings(pan_sec_conn_parser.c:1220): File stats error: /opt/pancfg/mgmt/cms/ssl/pan_mgmt_secure_conn_cfg_current.xml
2022-08-24 08:11:55.695 -0700 Error:  pan_cfg_parse_secure_conn_mgmt_settings(pan_sec_conn_parser.c:1408): Failed to parse the secure connection settings
2022-08-24 08:11:55.695 -0700 Error:  pan_cfg_mgr_parse_secure_conn_settings(pan_cfg_mgr.c:47631): Failed to parse the secure conn settings for management.
2022-08-24 08:11:55.695 -0700 Error:  pan_cfg_mgr_construct_int(pan_cfg_mgr.c:33490): [Secure conn config parsing] Cannot parse the secure conn configuration.Please rectify the configuration and try again.
2022-08-24 08:11:55.695 -0700 Warning:  pan_log_proxy(pan_priv_log.c:269): Slog being proxied
2022-08-24 08:11:55.695 -0700 Initialized cfg mgr for management server
2022-08-24 08:11:55.811 -0700 MS: configuration manager initialized
2022-08-24 08:11:55.811 -0700 Error:  sc3_ca_exists(sc3_certs.c:221): SC3: Failed to get the current CA name.
2022-08-24 08:11:55.811 -0700 Warning:  sc3_init_sc3(sc3_utils.c:351): SC3: Failed to get the Current CC name
2022-08-24 08:11:55.811 -0700 Warning:  sc3_init_sc3(sc3_utils.c:373): SC3: No CSR present.
2022-08-24 08:11:56.863 -0700 Warning:  pan_log_proxy(pan_priv_log.c:269): Slog being proxied
2022-08-24 08:11:56.863 -0700 Warning:  sc3_init_sc3(sc3_utils.c:380): SC3: Device CSR set to 'b0e6bf7a-dad1-4f9f-8fac-74732a5554c6'
2022-08-24 08:11:56.863 -0700 SC3: CA: '', CC/CSR: 'b0e6bf7a-dad1-4f9f-8fac-74732a5554c6'
2022-08-24 08:11:56.863 -0700 SC3: initialized
2022-08-24 08:11:56.864 -0700 <vsys> tag does not exist
2022-08-24 08:11:56.864 -0700 Error:  pan_load_ca_subjects(pan_crl_ocsp.c:70): canot read the root ca file (/opt/pancfg/certificates/cac-ca-sec-4/0/HYUR1DNHrVKwag6)
2022-08-24 08:11:56.864 -0700 Error:  pan_load_ca_subjects(pan_crl_ocsp.c:70): canot read the root ca file (/opt/pancfg/certificates/cac-ca-sec-4/0/izx04OEwogJg1sk)
2022-08-24 08:11:56.864 -0700 Error:  pan_load_ca_subjects(pan_crl_ocsp.c:70): canot read the root ca file (/opt/pancfg/certificates/cac-ca-sec-4/0/vpHV88KjA7hIT3E)
2022-08-24 08:11:56.864 -0700 Error:  pan_load_ca_subjects(pan_crl_ocsp.c:70): canot read the root ca file (/opt/pancfg/certificates/cac-ca-sec-4/0/C6oXfQDCkIPA-xH)
2022-08-24 08:11:56.864 -0700 Error:  pan_load_ca_subjects(pan_crl_ocsp.c:70): canot read the root ca file (/opt/pancfg/certificates/cac-ca-sec-4/0/dEo21vgdxV2mYF8)
2022-08-24 08:11:56.864 -0700 Error:  pan_load_ca_subjects(pan_crl_ocsp.c:70): canot read the root ca file (/opt/pancfg/certificates/cac-ca-sec-4/0/Gy8z8lFWaN1qFjH)
2022-08-24 08:11:56.864 -0700 mgmt internal: client certificate profile commit
2022-08-24 08:11:56.865 -0700 DNS_API - dns_vsys_disabled: FALSE
2022-08-24 08:11:56.865 -0700 DNS_API - init dns_vsys_disabled: FALSE
2022-08-24 08:11:56.865 -0700 Constructed event manager (addr=0x55e732874500)
2022-08-24 08:11:56.867 -0700 Notifier created for management server, (addr=0x55e732842f00)
2022-08-24 08:11:56.867 -0700 Warning:  pan_hash_init(pan_hash.c:113): nbuckets 10000 is not power of 2!
2022-08-24 08:11:56.867 -0700 created thread pool(0x55e73286c480, 16)
2022-08-24 08:11:56.867 -0700 Error:  create_worker_threads(threadpool.c:27): thread pool configures with zero threads!
2022-08-24 08:11:56.867 -0700 created thread pool(0x55e73286c530, 0)
2022-08-24 08:11:56.867 -0700 Error:  create_worker_threads(threadpool.c:27): thread pool configures with zero threads!
2022-08-24 08:11:56.867 -0700 created thread pool(0x55e73286c5e0, 0)
2022-08-24 08:11:56.867 -0700 Non-blocking thread pool created for event manager, (addr=0x55e73286c480)
2022-08-24 08:11:57.030 -0700 MS: panorama module initialized
2022-08-24 08:11:57.030 -0700 MS: event manager initialized
2022-08-24 08:11:57.057 -0700 pan_lcsa_tcp_connect_pref_list: Created connect pref thread 
2022-08-24 08:11:57.064 -0700 MS: server address 7f000001 port:10000
2022-08-24 08:11:57.064 -0700 set TCP_NODELAY option on socket, port 10000
2022-08-24 08:11:57.064 -0700 Error:  tp_submit_srvr_fd_work(socksrvr.c:115): work(SRVR, 0x55e7328a02a0) submitted
2022-08-24 08:11:57.064 -0700 The max requests per client is set to 250 for server 10000 (fd=19)
2022-08-24 08:11:57.070 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:11:57.070 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:11:57.120 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:11:57.120 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:12:27.070 -0700 cmsa: agent index=0
2022-08-24 08:12:27.070 -0700 cmsa: agent index=1
2022-08-24 08:12:27.070 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:12:27.070 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:12:27.070 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:12:27.073 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:12:27.080 -0700 Warning:  pan_cmsa_mgmt_assign_ssl_ctx(src_panos/cms_agent.c:2353): client using default (legacy) context
2022-08-24 08:12:27.080 -0700 Warning:  pan_cmsa_mgmt_assign_ssl_ctx(src_panos/cms_agent.c:2353): client using default (legacy) context
2022-08-24 08:12:27.080 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:12:27.080 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:12:27.081 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:12:27.081 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:12:27.081 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:12:27.081 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:12:37.081 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:12:37.081 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:12:47.081 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:12:47.082 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:12:55.761 -0700 Error:  pan_secure_conn_load_ccp_from_file(pan_ssl_curl_utils.c:374): failed to open /opt/pancfg/mgmt/cms/ssl/ccp.txt
2022-08-24 08:12:55.761 -0700 pan_secure_conn_config_update_cb is called
2022-08-24 08:12:55.761 -0700 Error:  pan_secure_conn_config_update_cb(pan_ssl_curl_utils.c:457): pan_secure_conn__config_update_cb failed
2022-08-24 08:12:56.086 -0700 Error:  pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy configd: agent not connected, unable to broadcast to it
2022-08-24 08:12:56.086 -0700 Error:  pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy reportd: agent not connected, unable to broadcast to it
2022-08-24 08:12:56.086 -0700 Error:  pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy logrcvr: agent not connected, unable to broadcast to it
2022-08-24 08:12:56.086 -0700 Error:  pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy cord: agent not connected, unable to broadcast to it
2022-08-24 08:12:56.086 -0700 Error:  pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy esmonitor: agent not connected, unable to broadcast to it
2022-08-24 08:12:56.086 -0700 Error:  pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy useridd: agent not connected, unable to broadcast to it
2022-08-24 08:12:56.086 -0700 Error:  pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy distributord: agent not connected, unable to broadcast to it
2022-08-24 08:12:56.086 -0700 Error:  pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy iotd: agent not connected, unable to broadcast to it
2022-08-24 08:12:57.082 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:12:57.082 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:13:07.082 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:13:07.082 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:13:17.083 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:13:17.083 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:13:27.083 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:13:27.083 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:13:36.937 -0700 EM: Register request from iotd seq= 699
2022-08-24 08:13:36.937 -0700 Send registration response to iotd
2022-08-24 08:13:37.083 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:13:37.083 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:13:40.633 -0700 EM: Register request from useridd seq= 703
2022-08-24 08:13:40.633 -0700 Send registration response to useridd
2022-08-24 08:13:40.767 -0700 EM: Register request from distributord seq= 703
2022-08-24 08:13:40.767 -0700 Send registration response to distributord
2022-08-24 08:13:40.791 -0700 EM: Register request from reportd seq= 703
2022-08-24 08:13:40.791 -0700 Send registration response to reportd
2022-08-24 08:13:41.339 -0700 EM: Register request from logrcvr seq= 704
2022-08-24 08:13:41.339 -0700 Send registration response to logrcvr
2022-08-24 08:13:47.084 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:13:47.084 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:13:57.085 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:13:57.085 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:14:00.282 -0700 EM: Register request from configd seq= 723
2022-08-24 08:14:00.282 -0700 Add unkown device 1000000
2022-08-24 08:14:00.282 -0700 Send registration response to configd
2022-08-24 08:14:01.106 -0700 update client device info, n_entries=1 op=1
2022-08-24 08:14:01.106 -0700 Device info updated for client id 1000007 device_registered no
2022-08-24 08:14:07.085 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:14:07.085 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:14:17.085 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:14:17.085 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:14:27.086 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:14:27.086 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:14:37.086 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:14:37.086 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:14:47.087 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:14:47.087 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:14:57.087 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:14:57.087 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:15:07.088 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:15:07.088 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:15:17.089 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:15:17.089 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:15:27.089 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:15:27.089 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:15:37.089 -0700 cmsa idx=0: waiting for an active device state
2022-08-24 08:15:37.089 -0700 cmsa idx=1: waiting for an active device state
2022-08-24 08:15:44.329 -0700 <vsys> tag does not exist
2022-08-24 08:15:44.329 -0700 mgmt internal: client certificate profile commit
2022-08-24 08:15:44.329 -0700 No child nodes present under secure connection server mgmt settings, No updates needed.
2022-08-24 08:15:44.329 -0700 [secure_conn] extract secure_conn userid channel settings SERVER
2022-08-24 08:15:44.329 -0700 [secure_conn] user_id secure comm enabled for SERVER
2022-08-24 08:15:44.329 -0700 No child nodes present under secure connection client mgmt settings, No updates needed.
2022-08-24 08:15:44.329 -0700 [secure_conn] extract secure_conn userid channel settings CLIENT
2022-08-24 08:15:44.329 -0700 [secure_conn] user_id secure comm enabled for CLIENT
2022-08-24 08:15:44.330 -0700 [Secure conn config change] Dropping the connection with primary panorama
2022-08-24 08:15:44.330 -0700 [Secure conn config change] Dropping the connection with secondary panorama
2022-08-24 08:15:44.333 -0700 Error:  pan_secure_conn_load_ccp_from_file(pan_ssl_curl_utils.c:374): failed to open /opt/pancfg/mgmt/cms/ssl/ccp.txt
2022-08-24 08:15:44.333 -0700 pan_secure_conn_config_update_cb is called
2022-08-24 08:15:44.333 -0700 Error:  pan_secure_conn_config_update_cb(pan_ssl_curl_utils.c:457): pan_secure_conn__config_update_cb failed
2022-08-24 08:16:17.098 -0700 cmsa: agent index=0
2022-08-24 08:16:17.098 -0700 cmsa: agent index=1
2022-08-24 08:16:17.098 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:16:17.098 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:16:17.098 -0700 [Secure conn] Secure channel for Firewall to panorama communication not enabled for secure conn.
2022-08-24 08:16:17.101 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:16:17.101 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:16:17.101 -0700 [Secure conn] Secure channel for Firewall to panorama communication not enabled for secure conn.
2022-08-24 08:16:17.113 -0700 Warning:  pan_cmsa_mgmt_assign_ssl_ctx(src_panos/cms_agent.c:2353): client using default (legacy) context
2022-08-24 08:16:17.113 -0700 Warning:  pan_cmsa_mgmt_assign_ssl_ctx(src_panos/cms_agent.c:2353): client using default (legacy) context
2022-08-24 08:16:17.113 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:16:17.113 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:16:17.114 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:16:17.114 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:16:17.359 -0700 COMM: connection established. sock=28 remote ip=10.201.24.12 port=3978 local port=36400
2022-08-24 08:16:17.359 -0700 cms agent: Pre. send buffer limit=87040. s=28
2022-08-24 08:16:17.359 -0700 cms agent: Post. send buffer limit=2097152. s=28
2022-08-24 08:16:17.359 -0700 Error:  cs_load_certs_ex(cs_common.c:655): keyfile not exists
2022-08-24 08:16:17.359 -0700 Error:  pan_cmsa_tcp_channel_setup(src_panos/cms_agent.c:883): cms agent: cs_load_certs_ex failed
2022-08-24 08:16:17.359 -0700 cmsa: client will use default context
2022-08-24 08:16:17.360 -0700 Warning:  pan_cmsa_tcp_channel_setup(src_panos/cms_agent.c:988): client will not use SNI
2022-08-24 08:16:17.369 -0700 panorama agent: ssl channel established. sock=28 ssl=0x55e732bf4680
2022-08-24 08:16:17.369 -0700 The max requests per client is set to 250 for server 0 (fd=-100)
2022-08-24 08:16:17.369 -0700 Device info set to panorama
2022-08-24 08:16:17.952 -0700 update client device info, n_entries=1 op=2
2022-08-24 08:16:17.952 -0700 Device info updated for client id 1000008 device_registered no
2022-08-24 08:16:47.954 -0700 cmsa: agent index=0
2022-08-24 08:16:47.955 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:16:47.955 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:16:47.955 -0700 [Secure conn] Secure channel for Firewall to panorama communication not enabled for secure conn.
2022-08-24 08:16:47.967 -0700 Warning:  pan_cmsa_mgmt_assign_ssl_ctx(src_panos/cms_agent.c:2353): client using default (legacy) context
2022-08-24 08:16:47.967 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI
2022-08-24 08:16:47.967 -0700 Warning:  sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN
2022-08-24 08:16:48.195 -0700 COMM: connection established. sock=28 remote ip=10.201.24.12 port=3978 local port=36512
2022-08-24 08:16:48.195 -0700 cms agent: Pre. send buffer limit=87040. s=28
2022-08-24 08:16:48.195 -0700 cms agent: Post. send buffer limit=2097152. s=28
2022-08-24 08:16:48.204 -0700 cmsa: client will use default context
2022-08-24 08:16:48.204 -0700 Warning:  pan_cmsa_tcp_channel_setup(src_panos/cms_agent.c:988): client will not use SNI
2022-08-24 08:16:48.215 -0700 panorama agent: ssl channel established. sock=28 ssl=0x55e732bf49c0
2022-08-24 08:16:48.215 -0700 Device info set to panorama
2022-08-24 08:16:48.677 -0700 update client device info, n_entries=1 op=1
2022-08-24 08:16:48.677 -0700 Device info updated for client id 1000009 device_registered no
2022-08-24 09:04:36.958 -0700 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-24 09:15:37.198 -0700 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-24 09:23:20.760 -0700 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-24 09:26:21.996 -0700 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-24 09:30:30.875 -0700 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-24 09:36:30.072 -0700 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-24 16:49:14.051 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-24 17:36:53.370 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-25 09:16:20.282 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-25 09:25:50.076 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-25 09:28:28.563 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-25 09:33:37.742 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-25 10:15:07.755 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-25 14:59:51.891 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-25 15:05:42.206 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-25 15:14:44.395 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-25 16:05:12.648 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.
2022-08-26 12:48:57.278 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.

 

 

Cyber Elite

Thank you for the reply @alan-griffiths

From the provided log, I am unfortunately not able to determine what the issue is, and I am running out of ideas.

The last thing I would do is perform the steps below:

In Panorama navigate to: Commit > Push to Device > Edit Selection > Deselect All for Device Groups and Templates > Collector Groups > select Collector Group and click OK and Push.

On the Firewall, restart the log receiver process: debug software restart process log-receiver

Then check the logs on the Firewall to see if there is any error: less mp-log logrcvr.log

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

After the restart of the logging process the connection status was reported as active, but I still wasn't seeing logs in Panorama. So I did a full restart of Panorama and now logs are showing!

Thanks for your assistance.
