Hi Mbutt,

Thank you for the screenshots. I did exactly as you said; the only thing I didn't do is commit after every single step, but I did commit after everything. Not sure how the PA does normally, but in my case the PA takes almost 2-4 minutes for each commit.

My setup is as follows:

My syslog server is listening on port 5140 (I am using 514 for something else).

My PA setup:

Log forwarding Profile

My security Rules

Service Route (I changed after your reply)

After all these I am not getting any hit on the syslog server on port 5140; it stays at 0. I verified this after dumping on port 5140 for more than 12 hours and the count is still zero. Basically I would expect a few hundred hits per second. I have huge activity on my network.

A tcpdump showing whether there are any hits on the specific port 5140; unfortunately there are 0 hits.

Here ends my configuration and monitoring.

Now I configured the syslog for the system from the following. I believe this is for the PA system logs and not related to any user traffic. But when I configure this log to my central logging server I get hits, like 1 or 2 in a few minutes. This is just to confirm that there is no routing issue between the PA and my server and there are no configuration mistakes on either the syslog server or the PA config.

No idea how to proceed now. It was working before. The only change is that I had my server changed to a new IP. As sdurga said, I had a management server restart; that also didn't help. But when I executed the "debug software restart management-server" command I got an output like the following:

Process 'mgmtsrvr' executing RESTART
Sep 19 07:33:36 Error: pan_read_full(comm_utils.c:97): srvr: fatal recv error. sock=3 err=Connection reset by peer (131)