12-04-2024 03:54 PM
Hello Team,
I had the following scenario: one HA NGFW pair and a Panorama device in Panorama mode on the 10.2.8-h4 PAN-OS version, and on the Panorama device we don't see any logs from the active NGFW. I checked the Log Forwarding profiles and the Permitted IPs on the MGT interfaces, and only with the show log-collector preference-list command on the CLI do we get the following output on the active device:
user@NGFW(active)> show log-collector preference-list
Logging Service Preference List
Forward to all: Yes
Serial Number: PANW_LOG_RECEPTOR_SRV FQDN: -lc-prod-eu.gpcloudservice.com
We send logs to CDL (Cortex Data Lake) or Strata Logging Service and to Panorama as well, but in the output of the previous command we just see the preference list with the CDL instance but not the Panorama device.
With the show logging-status command we have the following output on the active device:
user@NGFW(active)> show logging-status
-----------------------------------------------------------------------------------------------------------------------------
Type           Last Log Created    Last Log Fwded      Last Seq Num Fwded  Last Seq Num Acked  Total Logs Fwded
-----------------------------------------------------------------------------------------------------------------------------
Log Collector :
Connection IP : lr-cms0
Conn Source IP : lr - def
High speed mode : Disabled
Connection Status : lr - Inactive
Rate : 0 logs/sec
traffic        Not Available       Not Available       0                   0                   0
threat         Not Available       Not Available       0                   0                   0
hipmatch       Not Available       Not Available       0                   0                   0
gtp-tunnel     Not Available       Not Available       0                   0                   0
auth           Not Available       Not Available       0                   0                   0
iptag          Not Available       Not Available       0                   0                   0
userid         Not Available       Not Available       0                   0                   0
sctp           Not Available       Not Available       0                   0                   0
decryption     Not Available       Not Available       0                   0                   0
config         Not Available       Not Available       0                   0                   0
system         Not Available       Not Available       0                   0                   0
globalprotect  Not Available       Not Available       0                   0                   0
Do you have any idea about how to fix this issue with the log forwarding?
Regards,