Hi Mbutt,

Thank you for the screenshots. I did exactly as you said; the only thing I didn't do is commit after every single step, but I did commit after everything. I am not sure how long the PA normally takes, but in my case the PA takes almost 2-4 minutes for each commit.

My setup is as follows:

My syslog server listening on port 5140 (I am using 514 for something else)

My PA setup

Log Forwarding Profile

My Security Rules

Service Route (I changed this after your reply)

After all this I am not getting any hits on the syslog server on port 5140; it stays at 0. I verified this by dumping on port 5140 for more than 12 hours, and the count is still zero. Basically I would expect a few hundred hits per second, as I have huge activity on my network.

A tcpdump showing whether there are any hits on the specific port 5140; unfortunately there are 0 hits.

Here ends my configuration and monitoring.

Now I configured the syslog for the system from the following. I believe this is for the PA system logs and not related to any user traffic. But when I configure this log to go to my central logging server I do get hits, like 1 or 2 every few minutes. This is just to confirm that there is no routing issue between the PA and my server, and there are no configuration mistakes in either the syslog server or the PA config.

No idea how to proceed now. It was working before. The only change is that I had my server changed to a new IP. As sdurga said, I did a management server restart; that also didn't help. But when I executed the "debug software restart management-server" command I got output like the following:

Process 'mgmtsrvr' executing RESTART
Sep 19 07:33:36 Error: pan_read_full(comm_utils.c:97): srvr: fatal recv error. sock=3 err=Connection reset by peer (131)
Hi,

I am using a PA-2050 with PAN-OS 4.1.3. For a few days I have been trying to configure syslog to be sent to a central logging system. I followed every possible documentation, but I am not getting any syslogs coming to the syslog server. I tried syslog servers on Linux and Windows; I tried Splunk, Kiwi and a few more, and finally I could conclude that the PA is not sending out the logs to any server.

I followed the configuration as seen at the following URL: http://www.sawmill.co.uk/docs/Sawmill-Integration-with-PaloAlto-Networks.pdf

Then I used tcpdump to verify that the PA is sending something to my syslog server, but the output was 0. I used tcpdump as follows:

tcpdump -v udp and port 5055 -w test.log

By the way, I am not using the standard port; instead I am using UDP 5055 to listen on my syslog server. The port is open on my syslog server, as I can see in the netstat output.

Then I configured the PA with system logging (Device -> Log Settings -> Config and Device -> Log Settings -> System), and what I could see is that system-based logs are coming to the syslog server, but nothing related to the user traffic. I doubt if I am missing something. Can you people please help me with this?
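Both posts in this thread run into the same diagnostic gap: tcpdump shows whether any UDP datagrams reach the non-standard port, but not which PAN-OS log types are arriving, and the symptom here is precisely that SYSTEM/CONFIG logs arrive while TRAFFIC logs do not. The script below is an added example written for this page; it is not code from either poster or from Palo Alto Networks. It is a throwaway UDP listener that tallies received datagrams by the PAN-OS log Type so the gap is visible in one number per type. It assumes the documented PAN-OS syslog layout in which the body after the RFC 3164 header is CSV and the fourth field is the Type (SYSTEM, CONFIG, TRAFFIC, THREAT); the sample datagrams, the serial number, the hostname PA-2050 and the default port 5140 are constructed placeholders, not captured data.

```python
import re
import socket
import sys
import time
from collections import Counter

# Constructed sample datagrams (not captured from the thread). The PAN-OS CSV body
# is assumed to follow the documented layout in which the 4th comma-separated field
# is the log Type (SYSTEM, CONFIG, TRAFFIC, THREAT); other field values are filler.
SAMPLE_DATAGRAMS = [
    b"<14>Sep 19 07:33:36 PA-2050 1,2012/09/19 07:33:36,0001A100001,SYSTEM,general,0,"
    b"2012/09/19 07:33:36,,general,,0,0,general,informational,Commit job succeeded",
    b"<14>Sep 19 07:33:37 PA-2050 1,2012/09/19 07:33:37,0001A100001,CONFIG,0,0,"
    b"2012/09/19 07:33:37,10.0.0.9,,commit,admin,Web,Succeeded",
    # Single-digit day: RFC 3164 pads it with a second space ("Sep  9").
    b"<14>Sep  9 07:33:38 PA-2050 1,2012/09/09 07:33:38,0001A100001,TRAFFIC,end,0,"
    b"2012/09/09 07:33:38,10.0.0.5,93.184.216.34,0.0.0.0,0.0.0.0,allow-web,,,web-browsing,"
    b"vsys1,trust,untrust,ethernet1/2,ethernet1/1,fwd-syslog,2012/09/09 07:33:38,1234,1,"
    b"51234,80,0,0,0x0,tcp,allow,1500,800,700,12,2012/09/09 07:33:20,15,any",
    b"<14>Sep  9 07:33:39 PA-2050 1,2012/09/09 07:33:39,0001A100001,TRAFFIC,start,0,"
    b"2012/09/09 07:33:39,10.0.0.6,93.184.216.34,0.0.0.0,0.0.0.0,allow-web,,,ssl,"
    b"vsys1,trust,untrust,ethernet1/2,ethernet1/1,fwd-syslog,2012/09/09 07:33:39,1235,1,"
    b"51235,443,0,0,0x0,tcp,allow,0,0,0,0,2012/09/09 07:33:39,0,any",
    b"not a syslog message at all",
]

PRI_RE = re.compile(rb"^<(\d{1,3})>")


def parse_datagram(data):
    """Parse one RFC 3164-style datagram carrying a PAN-OS CSV body.

    Returns (facility, severity, log_type), or None when there is no <PRI>
    header or too few CSV fields to reach the assumed Type column.
    """
    m = PRI_RE.match(data)
    if m is None:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 facilities * 8 severities - 1
        return None
    facility, severity = pri >> 3, pri & 7
    body = data[m.end():].decode("utf-8", errors="replace")
    # Header is "Mon DD HH:MM:SS hostname " followed by the CSV payload; split on
    # whitespace runs so the padded single-digit day does not shift the columns.
    parts = body.split(None, 4)
    if len(parts) < 5:
        return None
    fields = parts[4].split(",")
    if len(fields) < 4:
        return None
    return facility, severity, fields[3]


def summarize(datagrams):
    """Count datagrams per PAN-OS log Type; unparseable ones count as UNPARSED."""
    counts = Counter()
    for data in datagrams:
        parsed = parse_datagram(data)
        counts[parsed[2] if parsed else "UNPARSED"] += 1
    return counts


def listen(port=5140, seconds=30):
    """Bind UDP `port`, collect everything that arrives for `seconds`, return the tally.

    This takes the port over while it runs, so stop the real syslog daemon first
    (or point the firewall at a spare port for the test).
    """
    received = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        sock.settimeout(1.0)
        deadline = time.monotonic() + seconds
        while time.monotonic() < deadline:
            try:
                data, _addr = sock.recvfrom(65535)
            except socket.timeout:
                continue
            received.append(data)
    return summarize(received)


if __name__ == "__main__":
    print("sample tally:", dict(summarize(SAMPLE_DATAGRAMS)))
    if len(sys.argv) > 1:  # e.g. python3 pan_syslog_tally.py 5140
        print("live tally:", dict(listen(int(sys.argv[1]))))
```

Run it with the port the firewall is configured to send to; a tally that shows SYSTEM and CONFIG but no TRAFFIC after several minutes of known traffic confirms that the path and the syslog server profile are fine and that the problem sits in the traffic-side plumbing (the log forwarding profile not being attached to the security rules, or the commit not having taken effect), rather than in routing or the listener. If the live tally stays empty while the system-log test produces hits, the traffic is not leaving the firewall at all.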