Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- 5G
- IoT Security
- Prisma SD-WAN
Network Security
- Prisma Access
- Prisma SaaS
- Prisma Cloud
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- ›
- About shihabhamsa
About shihabhamsa
Announcements
Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
08-18-2015
3Posts
1Like
0Solutions
Aug 18, 2015Last Visited
User
Activity
User
Profile
Latest posts by shihabhamsa
| Subject | Views | Posted |
|---|---|---|
| 3313 | 09-18-2012 10:54 PM | |
| 3313 | 09-18-2012 08:36 AM | |
| 3874 | 09-18-2012 04:35 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 | 09-18-2012 10:54 PM |
User Badges
Public Statistics
| Date Registered | 09-18-2012 04:24 AM |
| Date Last Visited | 08-18-2015 09:06 AM |
| Total Messages Posted | 3 |
| Total Likes Received | 1 |
09-18-2012
10:54 PM
1 Kudo
Hi Mbutt, Thank you for the screenshots. I did exactly as you said, but the only thing I didn't do is that I didn't commit after every single step, but I did after everything. Not sure how the PA does normally but in my case PA will take almost 2-4 minutes for each commit. My setup is as following My syslog server listening for port 5140 (I am using 514 for something else) My PA setup Log forwarding Profile My security Rules Service Route (I changed after your reply) After all these I am not getting any hit on syslog server on port 5140, it stays 0 I verified this after dumping on port 5140 for more than 12 hours and still the count is zero. basically I would expect few hundreds hits per second. I have huge activity on my network a tcpdump showing if any hits on the specific port 5140, unfortunately there is 0 hits Here ends my configuration and monitoring. Now I configured the syslog for the system from the following I believe this is for the PA system logs and not related with any user traffic. But when I configure this log to my central logging server I will get hit like 1 or 2 in few minutes This is just to confirm that there is no routing issue between PA and my server and there is no configuration mistakes on both syslog server and PA config. No idea how to proceed now. It was working before. The only change is that I had my server changed to new IP. As sdurga said I had a management server restart, that also didn't help. But when I executed the "debug software restart management-server" command I got an output like the following Process 'mgmtsrvr' executing RESTART Sep 19 07:33:36 Error: pan_read_full(comm_utils.c:97): srvr: fatal recv error. sock=3 err=Connection reset by peer (131)
... View more
09-18-2012
08:36 AM
Absolutely yes. But nothing happens. I just thought of rebooting the device once and remove everything just to start from scratch, "only the logging part"
... View more
09-18-2012
04:35 AM
Hi, I am using PA-2050, with PAN OS 4.1.3. From few days I am trying to configure the syslog to be sent to a central logging system. I followed every possible documentation, but I am not getting any syslogs coming to the syslog server. I tried on syslog server on linux and windows. I tried splunk, kiwi and few more. and finally I could conclude that PA is not sending out the logs to any servers. I followed the configuration as seen on the following URL http://www.sawmill.co.uk/docs/Sawmill-Integration-with-PaloAlto-Networks.pdf Then I used the tcpdump to verify that PA is sending something to my syslog server but the output was 0. I used the tcpdump as following tcpdump -v udp and port 5055 -w test.log by the way I am not using the standard port, instead I am using udp 5055 to listen on my syslog server. The port is open on my syslog server as I can see that in netstat command. Then I configured PA with system logging (Device-> Log Settings -> Config and Device -> log Settings -> System) and what I could see is that system based logs coming to the syslog server, but not anything related to the user traffic. I doubt if I am missing something. Can you people please help me with this.
... View more
Labels:
- Labels:
-
Configuration
-
Management
-
Troubleshooting
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-18-2015
09:06 AM
|
Latest Tags
No tags yet
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
