This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About alan-griffiths

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
alan-griffiths
‎12-01-2023
since ‎08-25-2022
L2 Linker
User Activity
User Profile
Latest posts by alan-griffiths
View All
My Liked Posts
View All
User Badges
Community Statistics
Member Since ‎08-25-2022 06:49 AM
Date Last Visited ‎12-01-2023 12:16 PM
Posts 12
Total Likes Received 2

Re: Cannot connect Log Collector to Panorama

by in Panorama Discussions
‎11-01-2022 03:11 AM
1 Kudo
‎11-01-2022 03:11 AM
1 Kudo
Ah, you're about 6 hours too late. I'd just opened a ticket and got the same info. The Palo documentation is baffling. There are two separate pages detailing how to configure dedicated log collector. One page includes a step to reset the sc3 the other one doesn't.   This is the page support told me to use https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/manage-log-collection/log-collection-deployments/deploy-panorama-with-dedicated-log-collectors   ... View more

Re: Cannot connect Log Collector to Panorama

by in Panorama Discussions
‎10-25-2022 02:37 AM
‎10-25-2022 02:37 AM
Both Panorama and LC are running 10.1.6-h6. Confirmed LC cert is still valid. Panorama log is filled with these 2022-10-25 09:34:50.101 +0000 Error: sni_ssl_servername_cb(src_cms/cms_server.c:654): Unknown SNI: 'ae25c29c-0b84-4ff3-8b7e-5a2877411c8a'. 139678775854848:error:1408A0E2:SSL routines:SSL3_GET_CLIENT_HELLO:clienthello tlsext:s3_srvr.c:1181: 2022-10-25 09:34:52.147 +0000 Error: sni_ssl_servername_cb(src_cms/cms_server.c:654): Unknown SNI: 'a83fdd6a-3842-4806-962b-4af693a2744d'. 139678809425664:error:1408A0E2:SSL routines:SSL3_GET_CLIENT_HELLO:clienthello tlsext:s3_srvr.c:1181: 2022-10-25 09:35:00.456 +0000 Error: sni_ssl_servername_cb(src_cms/cms_server.c:654): Unknown SNI: 'ae25c29c-0b84-4ff3-8b7e-5a2877411c8a'. 139678792640256:error:1408A0E2:SSL routines:SSL3_GET_CLIENT_HELLO:clienthello tlsext:s3_srvr.c:1181: 2022-10-25 09:35:02.500 +0000 Error: sni_ssl_servername_cb(src_cms/cms_server.c:654): Unknown SNI: 'a83fdd6a-3842-4806-962b-4af693a2744d'. 139678733891328:error:1408A0E2:SSL routines:SSL3_GET_CLIENT_HELLO:clienthello tlsext:s3_srvr.c:1181: 2022-10-25 09:35:10.811 +0000 Error: sni_ssl_servername_cb(src_cms/cms_server.c:654): Unknown SNI: 'ae25c29c-0b84-4ff3-8b7e-5a2877411c8a'. 139678826211072:error:1408A0E2:SSL routines:SSL3_GET_CLIENT_HELLO:clienthello tlsext:s3_srvr.c:1181: 2022-10-25 09:35:12.847 +0000 Error: sni_ssl_servername_cb(src_cms/cms_server.c:654): Unknown SNI: 'a83fdd6a-3842-4806-962b-4af693a2744d'. 139678775854848:error:1408A0E2:SSL routines:SSL3_GET_CLIENT_HELLO:clienthello tlsext:s3_srvr.c:1181: 2022-10-25 09:35:21.164 +0000 Error: sni_ssl_servername_cb(src_cms/cms_server.c:654): Unknown SNI: 'ae25c29c-0b84-4ff3-8b7e-5a2877411c8a'. 139678826211072:error:1408A0E2:SSL routines:SSL3_GET_CLIENT_HELLO:clienthello tlsext:s3_srvr.c:1181: 2022-10-25 09:35:23.202 +0000 Error: sni_ssl_servername_cb(src_cms/cms_server.c:654): Unknown SNI: 'a83fdd6a-3842-4806-962b-4af693a2744d'. ... View more

Re: Cannot connect Log Collector to Panorama

by in Panorama Discussions
‎10-24-2022 06:52 AM
‎10-24-2022 06:52 AM
Confirmed device mgt license is present. ... View more

Re: Cannot connect Log Collector to Panorama

by in Panorama Discussions
‎10-24-2022 04:28 AM
‎10-24-2022 04:28 AM
Hi, sorry for late reply, was on leave last week. I have validated 1) and 2), but what is the command to check 3)? ... View more

Cannot connect Log Collector to Panorama

by in Panorama Discussions
‎10-14-2022 04:56 AM
‎10-14-2022 04:56 AM
Going mad here trying to connect a dedicated log collector to a Panorama HA pair. Followed this procedure https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/set-up-panorama/set-up-the-panorama-virtual-appliance/set-up-the-panorama-virtual-appliance-as-a-log-collector   I get a far as step 12, but after the commit it never reports connected and I never get a status. The log collector is reporting disconnected admin@Panorama> show panorama-status Panorama Server 1 : 10.201.24.12 Connected : no HA state : disconnected Panorama Server 2 : 10.201.25.12 Connected : no HA state : disconnected The log is constantly cycling this 2022-10-14 11:44:47.330 +0000 CMSA: Source bind sock to 10.201.25.13 2022-10-14 11:44:47.330 +0000 COMM: Source bind sock 18 to 10.201.25.13 before connect to remote ip [10.201.25.12] @port 3978 2022-10-14 11:44:47.331 +0000 COMM: connection established. sock=18 remote ip=10.201.25.12 port=3978 local port=45361 2022-10-14 11:44:47.331 +0000 cms agent: Pre. send buffer limit=87040. s=18 2022-10-14 11:44:47.331 +0000 cms agent: Post. send buffer limit=425984. s=18 2022-10-14 11:44:47.331 +0000 Warning: pan_cmsa_tcp_channel_setup(src_panos/cms_agent.c:905): SC3A: client will use sni:'a83fdd6a-3842-4806-962b-4af693a2744d' and ccn:'353cea78-6757-45ac-9073-8fa13c4e2090' 2022-10-14 11:44:47.331 +0000 SC3: CA: 'a83fdd6a-3842-4806-962b-4af693a2744d', CC/CSR: '353cea78-6757-45ac-9073-8fa13c4e2090' 2022-10-14 11:44:47.335 +0000 CMSA: Source bind sock to 10.201.25.13 2022-10-14 11:44:47.335 +0000 COMM: Source bind sock 19 to 10.201.25.13 before connect to remote ip [10.201.24.12] @port 3978 2022-10-14 11:44:47.336 +0000 SC3: context initialized using SNI: a83fdd6a-3842-4806-962b-4af693a2744d 2022-10-14 11:44:47.336 +0000 cmsa: client will use SNI: a83fdd6a-3842-4806-962b-4af693a2744d 2022-10-14 11:44:47.336 +0000 COMM: connection established. sock=19 remote ip=10.201.24.12 port=3978 local port=39935 2022-10-14 11:44:47.336 +0000 cms agent: Pre. send buffer limit=87040. s=19 2022-10-14 11:44:47.336 +0000 cms agent: Post. send buffer limit=425984. s=19 2022-10-14 11:44:47.336 +0000 Warning: pan_cmsa_tcp_channel_setup(src_panos/cms_agent.c:905): SC3A: client will use sni:'a83fdd6a-3842-4806-962b-4af693a2744d' and ccn:'353cea78-6757-45ac-9073-8fa13c4e2090' 2022-10-14 11:44:47.336 +0000 Error: pan_cmsa_tcp_channel_setup(src_panos/cms_agent.c:1208): panorama agent: SSL connect error. sock=18 err=1 2022-10-14 11:44:47.337 +0000 SC3: CA: 'a83fdd6a-3842-4806-962b-4af693a2744d', CC/CSR: '353cea78-6757-45ac-9073-8fa13c4e2090' 2022-10-14 11:44:47.341 +0000 SC3: context initialized using SNI: a83fdd6a-3842-4806-962b-4af693a2744d 2022-10-14 11:44:47.341 +0000 cmsa: client will use SNI: a83fdd6a-3842-4806-962b-4af693a2744d 2022-10-14 11:44:47.342 +0000 Error: pan_cmsa_tcp_channel_setup(src_panos/cms_agent.c:1208): panorama agent: SSL connect error. sock=19 err=1 Repeated the process multiple times, but same failure every time. Both sides are running 10.1.6-h6 ... View more

Re: Firewall Disconnected from Secondary Panorama

by in Panorama Discussions
‎10-13-2022 03:00 AM
‎10-13-2022 03:00 AM
Yeah, that did the trick. Bit strange though. I had to failover to the secondary to re-add the firewall. If I did it on the primary then it would just come back on the secondary as disconnected again. So Remove device on primary, commit. Remove panorama config from device. Failover to secondary Panorama. Add device, commit. Re-dd primary and secondary Panorama config on device. Verify device is reported as connected on both primary and secondary. Fail back to primary. ... View more

Firewall Disconnected from Secondary Panorama

by in Panorama Discussions
‎10-07-2022 06:29 AM
‎10-07-2022 06:29 AM
Added some new firewalls to a Panorama HA pair and one of the devices is disconnected from the secondary Panorama. admin@intra-az1> show panorama-status Panorama Server 1 : 10.201.24.12 Connected : yes HA state : Active Panorama Server 2 : 10.201.25.12 Connected : no HA state : disconnected   Running tcpdump I can see traffic is passing between the device and the Panorama 2:56:14.150509 IP 10.201.50.52.48026 > 10.201.25.12.pan-panorama: Flags [P.], seq 4362:4431, ack 1, win 296, options [nop,nop,TS val 3086412655 ecr 1690590683], length 69 12:56:14.151873 IP 10.201.25.12.pan-panorama > 10.201.50.52.48026: Flags [.], ack 4431, win 379, options [nop,nop,TS val 1690591348 ecr 3086412655], length 0 12:56:17.980601 IP 10.201.50.52.46264 > 10.201.25.12.pan-panorama: Flags [P.], seq 69:138, ack 70, win 332, options [nop,nop,TS val 3086416485 ecr 1690589179], length 69 12:56:17.982715 IP 10.201.25.12.pan-panorama > 10.201.50.52.46264: Flags [P.], seq 70:139, ack 138, win 293, options [nop,nop,TS val 1690595179 ecr 3086416485], length 69 12:56:17.982730 IP 10.201.50.52.46264 > 10.201.25.12.pan-panorama: Flags [.], ack 139, win 332, options [nop,nop,TS val 3086416487 ecr 1690595179], length 0 12:56:20.150517 IP 10.201.50.52.48026 > 10.201.25.12.pan-panorama: Flags [P.], seq 4431:4500, ack 1, win 296, options [nop,nop,TS val 3086418655 ecr 1690591348], length 69 12:56:20.151884 IP 10.201.25.12.pan-panorama > 10.201.50.52.48026: Flags [.], ack 4500, win 379, options [nop,nop,TS val 1690597348 ecr 3086418655], length 0 12:56:23.980629 IP 10.201.50.52.46264 > 10.201.25.12.pan-panorama: Flags [P.], seq 138:207, ack 139, win 332, options [nop,nop,TS val 3086422485 ecr 1690595179], length 69 12:56:23.982485 IP 10.201.25.12.pan-panorama > 10.201.50.52.46264: Flags [P.], seq 139:208, ack 207, win 293, options [nop,nop,TS val 1690601179 ecr 3086422485], length 69 12:56:23.982511 IP 10.201.50.52.46264 > 10.201.25.12.pan-panorama: Flags [.], ack 208, win 332, options [nop,nop,TS val 3086422487 ecr 1690601179], length 0 12:56:26.150520 IP 10.201.50.52.48026 > 10.201.25.12.pan-panorama: Flags [P.], seq 4500:4569, ack 1, win 296, options [nop,nop,TS val 3086424655 ecr 1690597348], length 69 12:56:26.151931 IP 10.201.25.12.pan-panorama > 10.201.50.52.48026: Flags [.], ack 4569, win 379, options [nop,nop,TS val 1690603348 ecr 3086424655], length 0 12:56:29.980632 IP 10.201.50.52.46264 > 10.201.25.12.pan-panorama: Flags [P.], seq 207:276, ack 208, win 332, options [nop,nop,TS val 3086428485 ecr 1690601179], length 69 12:56:29.982366 IP 10.201.25.12.pan-panorama > 10.201.50.52.46264: Flags [P.], seq 208:277, ack 276, win 293, options [nop,nop,TS val 1690607179 ecr 3086428485], length 69 12:56:29.982385 IP 10.201.50.52.46264 > 10.201.25.12.pan-panorama: Flags [.], ack 277, win 332, options [nop,nop,TS val 3086428486 ecr 1690607179], length 0 12:56:32.150527 IP 10.201.50.52.48026 > 10.201.25.12.pan-panorama: Flags [P.], seq 4569:4638, ack 1, win 296, options [nop,nop,TS val 3086430655 ecr 1690603348], length 69 12:56:32.151961 IP 10.201.25.12.pan-panorama > 10.201.50.52.48026: Flags [.], ack 4638, win 379, options [nop,nop,TS val 1690609349 ecr 3086430655], length 0 12:56:35.980626 IP 10.201.50.52.46264 > 10.201.25.12.pan-panorama: Flags [P.], seq 276:345, ack 277, win 332, options [nop,nop,TS val 3086434485 ecr 1690607179], length 69 12:56:35.982329 IP 10.201.25.12.pan-panorama > 10.201.50.52.46264: Flags [P.], seq 277:346, ack 345, win 293, options [nop,nop,TS val 1690613179 ecr 3086434485], length 6  From ms.log I this cycle every minute 2022-10-07 13:22:54.849 +0000 update client device info, n_entries=1 op=2 2022-10-07 13:22:54.849 +0000 Device info updated for client id 1000055 device_registered no 2022-10-07 13:23:24.850 +0000 cmsa: agent index=1 2022-10-07 13:23:24.851 +0000 Warning: sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI 2022-10-07 13:23:24.851 +0000 Warning: sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN 2022-10-07 13:23:24.851 +0000 [Secure conn] Secure channel for Firewall to panorama communication not enabled for secure conn. 2022-10-07 13:23:24.856 +0000 Warning: pan_cmsa_mgmt_assign_ssl_ctx(src_panos/cms_agent.c:2353): client using default (legacy) context 2022-10-07 13:23:24.856 +0000 Warning: sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI 2022-10-07 13:23:24.856 +0000 Warning: sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN 2022-10-07 13:23:25.093 +0000 COMM: connection established. sock=29 remote ip=10.201.25.12 port=3978 local port=51960 2022-10-07 13:23:25.093 +0000 cms agent: Pre. send buffer limit=87040. s=29 2022-10-07 13:23:25.093 +0000 cms agent: Post. send buffer limit=2097152. s=29 2022-10-07 13:23:25.093 +0000 Error: cs_load_certs_ex(cs_common.c:655): keyfile not exists 2022-10-07 13:23:25.093 +0000 Error: pan_cmsa_tcp_channel_setup(src_panos/cms_agent.c:883): cms agent: cs_load_certs_ex failed 2022-10-07 13:23:25.093 +0000 cmsa: client will use default context 2022-10-07 13:23:25.093 +0000 Warning: pan_cmsa_tcp_channel_setup(src_panos/cms_agent.c:988): client will not use SNI 2022-10-07 13:23:25.098 +0000 panorama agent: ssl channel established. sock=29 ssl=0x555fd2a82700 2022-10-07 13:23:25.098 +0000 Device info set to panorama2 2022-10-07 13:24:54.849 +0000 update client device info, n_entries=1 op=2 2022-10-07 13:24:54.849 +0000 Device info updated for client id 1000056 device_registered no Don't really know what else to check. I added four devices at the same time and the other three are connected fine, so don't understand what went wrong with this one. ... View more

Re: Issues with Overlay Routing and AWS Gateway Load Balancer

by in VM-Series in the Public Cloud
‎09-06-2022 07:42 AM
‎09-06-2022 07:42 AM
Just hit this issue while running 10.1.6. It's reportedly fixed in 10.1.6-h6 and I can confirm this having upgraded. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-release-notes/pan-os-10-1-6-known-and-addressed-issues/pan-os-10-1-6-h6-addressed-issues  Didn't stop me wasting a whole morning debugging it though...   ... View more

Re: Setting up log collection in Panorama

by in Panorama Discussions
‎08-30-2022 02:40 AM
1 Kudo
‎08-30-2022 02:40 AM
1 Kudo
After the restart of the logging process the connection status was reported as active, but I still wasn't seeing logs in Panorama. So I did a full restart of Panorama and now logs are showing! Thanks for your assistance. ... View more

Re: Setting up log collection in Panorama

by in Panorama Discussions
‎08-26-2022 06:41 AM
‎08-26-2022 06:41 AM
Firewall is reported as connected and In Sync. Log is below admin@ip-10-201-50-52> tail lines 500 mp-log ms.log 2022-08-24 08:11:53.353 -0700 ===================== MS: start ====================== 2022-08-24 08:11:53.355 -0700 MS: SSL lib initialized 2022-08-24 08:11:53.355 -0700 Warning: pan_hash_init(pan_hash.c:113): nbuckets 2000 is not power of 2! 2022-08-24 08:11:53.355 -0700 Warning: pan_hash_init(pan_hash.c:113): nbuckets 2000 is not power of 2! 2022-08-24 08:11:53.355 -0700 Warning: pan_hash_init(pan_hash.c:113): nbuckets 2000 is not power of 2! 2022-08-24 08:11:53.355 -0700 MS: connection manager initialized 2022-08-24 08:11:53.370 -0700 sysd worker[0]: 7f1b944ff700: starting up... 2022-08-24 08:11:53.462 -0700 Error: _glob_err_handler(pan_mgt_exec.c:552): Error occurred at /opt/pancfg/mgmt/saved-configs, (code : 2 ; message : No such file or directory) 2022-08-24 08:11:53.462 -0700 Error: pan_sys_exec_expand_wildcard(pan_mgt_exec.c:573): get a read error 2022-08-24 08:11:53.462 -0700 Removing /tmp/.iddone in pan_cfg_remove_temporary_files 2022-08-24 08:11:53.482 -0700 Error: pan_dir_create(pan_fs.c:301): failed to create dir /tmp/pan wih error 17 2022-08-24 08:11:53.689 -0700 succeed to initialize xslt security preference 2022-08-24 08:11:53.690 -0700 Not connected to sysd yet. Sleeping for 5 second.. 2022-08-24 08:11:53.696 -0700 sysd worker[0]: 7f1b920f8700: starting up... 2022-08-24 08:11:53.696 -0700 sysd worker[0]: 7f1b938fd700: starting up... 2022-08-24 08:11:53.696 -0700 sysd worker[1]: 7f1b934fc700: starting up... 2022-08-24 08:11:53.696 -0700 sysd worker[2]: 7f1b930fb700: starting up... 2022-08-24 08:11:53.696 -0700 sysd worker[3]: 7f1b92cfa700: starting up... 2022-08-24 08:11:55.358 -0700 Sysd Event: SUCCESS 2022-08-24 08:11:55.690 -0700 Sysd Event: SUCCESS 2022-08-24 08:11:55.690 -0700 connected to sysd 2022-08-24 08:11:55.690 -0700 config manager:connected to sysd 2022-08-24 08:11:55.694 -0700 Management server started. Running version 10.1.6 2022-08-24 08:11:55.694 -0700 sw detail version 10.1.6 2022-08-24 08:11:55.695 -0700 Error: _pan_cfg_parse_secure_conn_mgmt_settings(pan_sec_conn_parser.c:1220): File stats error: /opt/pancfg/mgmt/cms/ssl/pan_mgmt_secure_conn_cfg_current.xml 2022-08-24 08:11:55.695 -0700 Error: pan_cfg_parse_secure_conn_mgmt_settings(pan_sec_conn_parser.c:1408): Failed to parse the secure connection settings 2022-08-24 08:11:55.695 -0700 Error: pan_cfg_mgr_parse_secure_conn_settings(pan_cfg_mgr.c:47631): Failed to parse the secure conn settings for management. 2022-08-24 08:11:55.695 -0700 Error: pan_cfg_mgr_construct_int(pan_cfg_mgr.c:33490): [Secure conn config parsing] Cannot parse the secure conn configuration.Please rectify the configuration and try again. 2022-08-24 08:11:55.695 -0700 Warning: pan_log_proxy(pan_priv_log.c:269): Slog being proxied 2022-08-24 08:11:55.695 -0700 Initialized cfg mgr for management server 2022-08-24 08:11:55.811 -0700 MS: configuration manager initialized 2022-08-24 08:11:55.811 -0700 Error: sc3_ca_exists(sc3_certs.c:221): SC3: Failed to get the current CA name. 2022-08-24 08:11:55.811 -0700 Warning: sc3_init_sc3(sc3_utils.c:351): SC3: Failed to get the Current CC name 2022-08-24 08:11:55.811 -0700 Warning: sc3_init_sc3(sc3_utils.c:373): SC3: No CSR present. 2022-08-24 08:11:56.863 -0700 Warning: pan_log_proxy(pan_priv_log.c:269): Slog being proxied 2022-08-24 08:11:56.863 -0700 Warning: sc3_init_sc3(sc3_utils.c:380): SC3: Device CSR set to 'b0e6bf7a-dad1-4f9f-8fac-74732a5554c6' 2022-08-24 08:11:56.863 -0700 SC3: CA: '', CC/CSR: 'b0e6bf7a-dad1-4f9f-8fac-74732a5554c6' 2022-08-24 08:11:56.863 -0700 SC3: initialized 2022-08-24 08:11:56.864 -0700 <vsys> tag does not exist 2022-08-24 08:11:56.864 -0700 Error: pan_load_ca_subjects(pan_crl_ocsp.c:70): canot read the root ca file (/opt/pancfg/certificates/cac-ca-sec-4/0/HYUR1DNHrVKwag6) 2022-08-24 08:11:56.864 -0700 Error: pan_load_ca_subjects(pan_crl_ocsp.c:70): canot read the root ca file (/opt/pancfg/certificates/cac-ca-sec-4/0/izx04OEwogJg1sk) 2022-08-24 08:11:56.864 -0700 Error: pan_load_ca_subjects(pan_crl_ocsp.c:70): canot read the root ca file (/opt/pancfg/certificates/cac-ca-sec-4/0/vpHV88KjA7hIT3E) 2022-08-24 08:11:56.864 -0700 Error: pan_load_ca_subjects(pan_crl_ocsp.c:70): canot read the root ca file (/opt/pancfg/certificates/cac-ca-sec-4/0/C6oXfQDCkIPA-xH) 2022-08-24 08:11:56.864 -0700 Error: pan_load_ca_subjects(pan_crl_ocsp.c:70): canot read the root ca file (/opt/pancfg/certificates/cac-ca-sec-4/0/dEo21vgdxV2mYF8) 2022-08-24 08:11:56.864 -0700 Error: pan_load_ca_subjects(pan_crl_ocsp.c:70): canot read the root ca file (/opt/pancfg/certificates/cac-ca-sec-4/0/Gy8z8lFWaN1qFjH) 2022-08-24 08:11:56.864 -0700 mgmt internal: client certificate profile commit 2022-08-24 08:11:56.865 -0700 DNS_API - dns_vsys_disabled: FALSE 2022-08-24 08:11:56.865 -0700 DNS_API - init dns_vsys_disabled: FALSE 2022-08-24 08:11:56.865 -0700 Constructed event manager (addr=0x55e732874500) 2022-08-24 08:11:56.867 -0700 Notifier created for management server, (addr=0x55e732842f00) 2022-08-24 08:11:56.867 -0700 Warning: pan_hash_init(pan_hash.c:113): nbuckets 10000 is not power of 2! 2022-08-24 08:11:56.867 -0700 created thread pool(0x55e73286c480, 16) 2022-08-24 08:11:56.867 -0700 Error: create_worker_threads(threadpool.c:27): thread pool configures with zero threads! 2022-08-24 08:11:56.867 -0700 created thread pool(0x55e73286c530, 0) 2022-08-24 08:11:56.867 -0700 Error: create_worker_threads(threadpool.c:27): thread pool configures with zero threads! 2022-08-24 08:11:56.867 -0700 created thread pool(0x55e73286c5e0, 0) 2022-08-24 08:11:56.867 -0700 Non-blocking thread pool created for event manager, (addr=0x55e73286c480) 2022-08-24 08:11:57.030 -0700 MS: panorama module initialized 2022-08-24 08:11:57.030 -0700 MS: event manager initialized 2022-08-24 08:11:57.057 -0700 pan_lcsa_tcp_connect_pref_list: Created connect pref thread 2022-08-24 08:11:57.064 -0700 MS: server address 7f000001 port:10000 2022-08-24 08:11:57.064 -0700 set TCP_NODELAY option on socket, port 10000 2022-08-24 08:11:57.064 -0700 Error: tp_submit_srvr_fd_work(socksrvr.c:115): work(SRVR, 0x55e7328a02a0) submitted 2022-08-24 08:11:57.064 -0700 The max requests per client is set to 250 for server 10000 (fd=19) 2022-08-24 08:11:57.070 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI 2022-08-24 08:11:57.070 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN 2022-08-24 08:11:57.120 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI 2022-08-24 08:11:57.120 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN 2022-08-24 08:12:27.070 -0700 cmsa: agent index=0 2022-08-24 08:12:27.070 -0700 cmsa: agent index=1 2022-08-24 08:12:27.070 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI 2022-08-24 08:12:27.070 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN 2022-08-24 08:12:27.070 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI 2022-08-24 08:12:27.073 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN 2022-08-24 08:12:27.080 -0700 Warning: pan_cmsa_mgmt_assign_ssl_ctx(src_panos/cms_agent.c:2353): client using default (legacy) context 2022-08-24 08:12:27.080 -0700 Warning: pan_cmsa_mgmt_assign_ssl_ctx(src_panos/cms_agent.c:2353): client using default (legacy) context 2022-08-24 08:12:27.080 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI 2022-08-24 08:12:27.080 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN 2022-08-24 08:12:27.081 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:12:27.081 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI 2022-08-24 08:12:27.081 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN 2022-08-24 08:12:27.081 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:12:37.081 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:12:37.081 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:12:47.081 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:12:47.082 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:12:55.761 -0700 Error: pan_secure_conn_load_ccp_from_file(pan_ssl_curl_utils.c:374): failed to open /opt/pancfg/mgmt/cms/ssl/ccp.txt 2022-08-24 08:12:55.761 -0700 pan_secure_conn_config_update_cb is called 2022-08-24 08:12:55.761 -0700 Error: pan_secure_conn_config_update_cb(pan_ssl_curl_utils.c:457): pan_secure_conn__config_update_cb failed 2022-08-24 08:12:56.086 -0700 Error: pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy configd: agent not connected, unable to broadcast to it 2022-08-24 08:12:56.086 -0700 Error: pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy reportd: agent not connected, unable to broadcast to it 2022-08-24 08:12:56.086 -0700 Error: pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy logrcvr: agent not connected, unable to broadcast to it 2022-08-24 08:12:56.086 -0700 Error: pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy cord: agent not connected, unable to broadcast to it 2022-08-24 08:12:56.086 -0700 Error: pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy esmonitor: agent not connected, unable to broadcast to it 2022-08-24 08:12:56.086 -0700 Error: pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy useridd: agent not connected, unable to broadcast to it 2022-08-24 08:12:56.086 -0700 Error: pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy distributord: agent not connected, unable to broadcast to it 2022-08-24 08:12:56.086 -0700 Error: pan_evtmgr_proxy_broadcast_msg_to_srvcd(ms_evtmgr_proxy.c:552): Proxy iotd: agent not connected, unable to broadcast to it 2022-08-24 08:12:57.082 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:12:57.082 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:13:07.082 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:13:07.082 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:13:17.083 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:13:17.083 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:13:27.083 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:13:27.083 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:13:36.937 -0700 EM: Register request from iotd seq= 699 2022-08-24 08:13:36.937 -0700 Send registration response to iotd 2022-08-24 08:13:37.083 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:13:37.083 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:13:40.633 -0700 EM: Register request from useridd seq= 703 2022-08-24 08:13:40.633 -0700 Send registration response to useridd 2022-08-24 08:13:40.767 -0700 EM: Register request from distributord seq= 703 2022-08-24 08:13:40.767 -0700 Send registration response to distributord 2022-08-24 08:13:40.791 -0700 EM: Register request from reportd seq= 703 2022-08-24 08:13:40.791 -0700 Send registration response to reportd 2022-08-24 08:13:41.339 -0700 EM: Register request from logrcvr seq= 704 2022-08-24 08:13:41.339 -0700 Send registration response to logrcvr 2022-08-24 08:13:47.084 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:13:47.084 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:13:57.085 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:13:57.085 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:14:00.282 -0700 EM: Register request from configd seq= 723 2022-08-24 08:14:00.282 -0700 Add unkown device 1000000 2022-08-24 08:14:00.282 -0700 Send registration response to configd 2022-08-24 08:14:01.106 -0700 update client device info, n_entries=1 op=1 2022-08-24 08:14:01.106 -0700 Device info updated for client id 1000007 device_registered no 2022-08-24 08:14:07.085 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:14:07.085 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:14:17.085 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:14:17.085 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:14:27.086 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:14:27.086 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:14:37.086 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:14:37.086 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:14:47.087 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:14:47.087 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:14:57.087 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:14:57.087 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:15:07.088 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:15:07.088 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:15:17.089 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:15:17.089 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:15:27.089 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:15:27.089 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:15:37.089 -0700 cmsa idx=0: waiting for an active device state 2022-08-24 08:15:37.089 -0700 cmsa idx=1: waiting for an active device state 2022-08-24 08:15:44.329 -0700 <vsys> tag does not exist 2022-08-24 08:15:44.329 -0700 mgmt internal: client certificate profile commit 2022-08-24 08:15:44.329 -0700 No child nodes present under secure connection server mgmt settings, No updates needed. 2022-08-24 08:15:44.329 -0700 [secure_conn] extract secure_conn userid channel settings SERVER 2022-08-24 08:15:44.329 -0700 [secure_conn] user_id secure comm enabled for SERVER 2022-08-24 08:15:44.329 -0700 No child nodes present under secure connection client mgmt settings, No updates needed. 2022-08-24 08:15:44.329 -0700 [secure_conn] extract secure_conn userid channel settings CLIENT 2022-08-24 08:15:44.329 -0700 [secure_conn] user_id secure comm enabled for CLIENT 2022-08-24 08:15:44.330 -0700 [Secure conn config change] Dropping the connection with primary panorama 2022-08-24 08:15:44.330 -0700 [Secure conn config change] Dropping the connection with secondary panorama 2022-08-24 08:15:44.333 -0700 Error: pan_secure_conn_load_ccp_from_file(pan_ssl_curl_utils.c:374): failed to open /opt/pancfg/mgmt/cms/ssl/ccp.txt 2022-08-24 08:15:44.333 -0700 pan_secure_conn_config_update_cb is called 2022-08-24 08:15:44.333 -0700 Error: pan_secure_conn_config_update_cb(pan_ssl_curl_utils.c:457): pan_secure_conn__config_update_cb failed 2022-08-24 08:16:17.098 -0700 cmsa: agent index=0 2022-08-24 08:16:17.098 -0700 cmsa: agent index=1 2022-08-24 08:16:17.098 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI 2022-08-24 08:16:17.098 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN 2022-08-24 08:16:17.098 -0700 [Secure conn] Secure channel for Firewall to panorama communication not enabled for secure conn. 2022-08-24 08:16:17.101 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI 2022-08-24 08:16:17.101 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN 2022-08-24 08:16:17.101 -0700 [Secure conn] Secure channel for Firewall to panorama communication not enabled for secure conn. 2022-08-24 08:16:17.113 -0700 Warning: pan_cmsa_mgmt_assign_ssl_ctx(src_panos/cms_agent.c:2353): client using default (legacy) context 2022-08-24 08:16:17.113 -0700 Warning: pan_cmsa_mgmt_assign_ssl_ctx(src_panos/cms_agent.c:2353): client using default (legacy) context 2022-08-24 08:16:17.113 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI 2022-08-24 08:16:17.113 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN 2022-08-24 08:16:17.114 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI 2022-08-24 08:16:17.114 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN 2022-08-24 08:16:17.359 -0700 COMM: connection established. sock=28 remote ip=10.201.24.12 port=3978 local port=36400 2022-08-24 08:16:17.359 -0700 cms agent: Pre. send buffer limit=87040. s=28 2022-08-24 08:16:17.359 -0700 cms agent: Post. send buffer limit=2097152. s=28 2022-08-24 08:16:17.359 -0700 Error: cs_load_certs_ex(cs_common.c:655): keyfile not exists 2022-08-24 08:16:17.359 -0700 Error: pan_cmsa_tcp_channel_setup(src_panos/cms_agent.c:883): cms agent: cs_load_certs_ex failed 2022-08-24 08:16:17.359 -0700 cmsa: client will use default context 2022-08-24 08:16:17.360 -0700 Warning: pan_cmsa_tcp_channel_setup(src_panos/cms_agent.c:988): client will not use SNI 2022-08-24 08:16:17.369 -0700 panorama agent: ssl channel established. sock=28 ssl=0x55e732bf4680 2022-08-24 08:16:17.369 -0700 The max requests per client is set to 250 for server 0 (fd=-100) 2022-08-24 08:16:17.369 -0700 Device info set to panorama 2022-08-24 08:16:17.952 -0700 update client device info, n_entries=1 op=2 2022-08-24 08:16:17.952 -0700 Device info updated for client id 1000008 device_registered no 2022-08-24 08:16:47.954 -0700 cmsa: agent index=0 2022-08-24 08:16:47.955 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI 2022-08-24 08:16:47.955 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN 2022-08-24 08:16:47.955 -0700 [Secure conn] Secure channel for Firewall to panorama communication not enabled for secure conn. 2022-08-24 08:16:47.967 -0700 Warning: pan_cmsa_mgmt_assign_ssl_ctx(src_panos/cms_agent.c:2353): client using default (legacy) context 2022-08-24 08:16:47.967 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:179): SC3: failed to get SNI 2022-08-24 08:16:47.967 -0700 Warning: sc3_get_current_sc3(sc3_utils.c:182): SC3: failed to get CCN 2022-08-24 08:16:48.195 -0700 COMM: connection established. sock=28 remote ip=10.201.24.12 port=3978 local port=36512 2022-08-24 08:16:48.195 -0700 cms agent: Pre. send buffer limit=87040. s=28 2022-08-24 08:16:48.195 -0700 cms agent: Post. send buffer limit=2097152. s=28 2022-08-24 08:16:48.204 -0700 cmsa: client will use default context 2022-08-24 08:16:48.204 -0700 Warning: pan_cmsa_tcp_channel_setup(src_panos/cms_agent.c:988): client will not use SNI 2022-08-24 08:16:48.215 -0700 panorama agent: ssl channel established. sock=28 ssl=0x55e732bf49c0 2022-08-24 08:16:48.215 -0700 Device info set to panorama 2022-08-24 08:16:48.677 -0700 update client device info, n_entries=1 op=1 2022-08-24 08:16:48.677 -0700 Device info updated for client id 1000009 device_registered no 2022-08-24 09:04:36.958 -0700 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed. 2022-08-24 09:15:37.198 -0700 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed. 2022-08-24 09:23:20.760 -0700 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed. 2022-08-24 09:26:21.996 -0700 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed. 2022-08-24 09:30:30.875 -0700 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed. 2022-08-24 09:36:30.072 -0700 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed. 2022-08-24 16:49:14.051 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed. 2022-08-24 17:36:53.370 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed. 2022-08-25 09:16:20.282 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed. 2022-08-25 09:25:50.076 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed. 2022-08-25 09:28:28.563 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed. 2022-08-25 09:33:37.742 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed. 2022-08-25 10:15:07.755 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed. 2022-08-25 14:59:51.891 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed. 2022-08-25 15:05:42.206 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed. 2022-08-25 15:14:44.395 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed. 2022-08-25 16:05:12.648 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed. 2022-08-26 12:48:57.278 +0000 [Secure conn cfg-mgr trigger update] Sec conn config not changed, No updates needed.     ... View more

Re: Setting up log collection in Panorama

by in Panorama Discussions
‎08-26-2022 02:54 AM
‎08-26-2022 02:54 AM
On the firewall admin@ip-10-201-50-52> show log-collector preference-list Log Collector Preference List Forward to all: No Serial Number: 000710009677 IP Address: 10.201.24.12 IPV6 Address: unknown admin@ip-10-201-50-52> show logging-status ----------------------------------------------------------------------------------------------------------------------------- Type Last Log Created Last Log Fwded Last Seq Num Fwded Last Seq Num Acked Total Logs Fwded ----------------------------------------------------------------------------------------------------------------------------- Log Collector : CMS 0 Connection IP : lr-cms0 Conn Source IP : lr - def High speed mode : Disabled Connection Status : lr - Inactive Rate : 0 logs/sec traffic Not Available Not Available 0 0 0 threat Not Available Not Available 0 0 0 hipmatch Not Available Not Available 0 0 0 gtp-tunnel Not Available Not Available 0 0 0 auth Not Available Not Available 0 0 0 iptag Not Available Not Available 0 0 0 userid Not Available Not Available 0 0 0 sctp Not Available Not Available 0 0 0 decryption Not Available Not Available 0 0 0 config Not Available Not Available 0 0 0 system Not Available Not Available 0 0 0 globalprotect Not Available Not Available 0 0 0 Log Collector : 000710009677 Connection IP : lr-10.201.24.12 Conn Source IP : lr - def High speed mode : Disabled Connection Status : lr - Inactive Rate : 0 logs/sec traffic Not Available Not Available 0 0 0 threat Not Available Not Available 0 0 0 hipmatch Not Available Not Available 0 0 0 gtp-tunnel Not Available Not Available 0 0 0 auth Not Available Not Available 0 0 0 iptag Not Available Not Available 0 0 0 userid Not Available Not Available 0 0 0 sctp Not Available Not Available 0 0 0 decryption Not Available Not Available 0 0 0 config Not Available Not Available 0 0 0 system Not Available Not Available 0 0 0 globalprotect Not Available Not Available 0 0 0 Log Collector : Connection IP : lr-cms1 Conn Source IP : lr - def High speed mode : Disabled Connection Status : lr - Inactive Rate : 0 logs/sec traffic Not Available Not Available 0 0 0 threat Not Available Not Available 0 0 0 hipmatch Not Available Not Available 0 0 0 gtp-tunnel Not Available Not Available 0 0 0 auth Not Available Not Available 0 0 0 iptag Not Available Not Available 0 0 0 userid Not Available Not Available 0 0 0 sctp Not Available Not Available 0 0 0 decryption Not Available Not Available 0 0 0 config Not Available Not Available 0 0 0 system Not Available Not Available 0 0 0 globalprotect Not Available Not Available 0 0 0 On the Panorama admin@Panorama> show logging-status device 007955000324512 Type Last Log Rcvd Last Seq Num Rcvd Last Log Generated Source IP : Default Destination IP : Default Source Daemon : unknown Connection Id : 007955000324512 Log rate: 0 config N/A N/A N/A system N/A N/A N/A threat N/A N/A N/A traffic N/A N/A N/A hipmatch N/A N/A N/A gtp-tunnel N/A N/A N/A userid N/A N/A N/A iptag N/A N/A N/A auth N/A N/A N/A sctp N/A N/A N/A decryption N/A N/A N/A globalprotect N/A N/A N/A Regards timezone, I can confirm both Panorama and Firewalls are configured for Etc/UTC and synced with NTP. See attached screenshot for log collector group. ... View more

Setting up log collection in Panorama

by in Panorama Discussions
‎08-25-2022 08:47 AM
‎08-25-2022 08:47 AM
Hi,   Very new to Palo, just doing a PoC in AWS at the moment.   I've got Panorama and 2 VM-100 firewalls deployed. Trying to get traffic logs from the firewalls into Panorama. I've used the two links below to configure it   https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/manage-log-collection/log-collection-deployments/deploy-panorama-virtual-appliances-with-local-log-collectors https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/manage-log-collection/configure-log-forwarding-to-panorama   Everything appears to be setup as per the documentation. Rules are logging, I can see them in the firewall GUI, but no logs appear in the Panorama GUI.   Any suggestions on further debug? ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎12-01-2023 12:16 PM
Latest Tags
No tags yet
Likes From
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks