- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
03-29-2018 08:06 AM
Yes, the service restarts would be done via CLI, but if you did not have the forwarding profiles with "Panorama" checked for traffic that would explain why they were not being forwarded.
I assume this was already the case, but policies must be set to log on session start or end in addition to having a forwarding profile. Without that they will, of course, log neither locally or to panorama.
Before restarting the services, there are additional troubleshooting steps you can take, again from the CLI
On the firewall you can verify log forwarding is configured and active:
>show log-collector preference-list
You should see your panorama appliance serial and IP in the configured list
and
> show logging-status
The output should show a message stating that the log forwarding agent is active
In panorama, you can verify it is recieving the logs
> show logging-status device <firewall serial number>
If it does not indicate current logs, you can have panorama instruct the firewall to restart log forwarding from teh lack acknowledged message:
> request log-fwd-ctrl device <firewall serial number> action start-from-lastack
That generally "fixes" issues where logs are not beign sent at all.
Here are a few articles on the subject in the KB
If you mentioned version numbers I missed it.. this is 8.0 but the process is the same in 7.1