cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who rated this post

Yes, the service restarts would be done via CLI, but if you did not have the forwarding profiles with "Panorama" checked for traffic that would explain why they were not being forwarded.

 

I assume this was already the case, but policies must be set to log on session start or end in addition to having a forwarding profile.  Without that they will, of course, log neither locally or to panorama.

 

Before restarting the services, there are additional troubleshooting steps you can take, again from the CLI

 

On the firewall you can verify log forwarding is configured and active:

>show log-collector preference-list

 

You should see your panorama appliance serial and IP in the configured list

 

and

> show logging-status

 

The output should show a message stating that the log forwarding agent is active

 

 

In panorama, you can verify it is recieving the logs

> show logging-status device <firewall serial number>

 

If it does not indicate current logs, you can have panorama instruct the firewall to restart log forwarding from teh lack acknowledged message:

> request log-fwd-ctrl device <firewall serial number> action start-from-lastack

 

 

That generally "fixes" issues where logs are not beign sent at all.

 

Here are a few articles on the subject in the KB

https://live.paloaltonetworks.com/t5/Configuration-Articles/Palo-Alto-Networks-Firewall-not-Forwardi...

If you mentioned version numbers I missed it.. this is 8.0 but the process is the same in 7.1

https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/manage-log-collection...

Who rated this post