NGFW dont send logs to Panorama device

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

NGFW dont send logs to Panorama device

L1 Bithead

Hello Team,

I had the following scenario, 1 HA NGFW pair and a Panorama device on Panorama mode on the 10.2.8-h4 pan-os version, and on the Panorama device we don't see any logs from the active NGFW. I checked the Log Forwarding profiles, Permitted IPs on the MGT's interfaces and only with the show log-collector preference-list command on the CLI we get the following output on the active device:

user@NGFW(active)> show log-collector preference-list

Logging Service Preference List
Forward to all: Yes
Serial Number: PANW_LOG_RECEPTOR_SRV FQDN: -lc-prod-eu.gpcloudservice.com

We send logs to CDL (Cortex Data Lake) or Strata Logging Service and to Panorama as well, but on the previous command we just see the preference list with the CDL instance but no the Panorama device.

With the show logging-status command we have the following output on the active device:

user@NGFW(active)> show logging-status


-----------------------------------------------------------------------------------------------------------------------------
Type Last Log Created Last Log Fwded Last Seq Num Fwded Last Seq Num Acked Total Logs Fwded
-----------------------------------------------------------------------------------------------------------------------------

Log Collector :
Connection IP : lr-cms0
Conn Source IP : lr - def
High speed mode : Disabled
Connection Status : lr - Inactive
Rate : 0 logs/sec

traffic Not Available Not Available 0 0 0
threat Not Available Not Available 0 0 0
hipmatch Not Available Not Available 0 0 0
gtp-tunnel Not Available Not Available 0 0 0
auth Not Available Not Available 0 0 0
iptag Not Available Not Available 0 0 0
userid Not Available Not Available 0 0 0
sctp Not Available Not Available 0 0 0
decryption Not Available Not Available 0 0 0
config Not Available Not Available 0 0 0
system Not Available Not Available 0 0 0
globalprotect Not Available Not Available 0 0 0

Do you have any idea about how to fix this issue with the log forwarding?

Regards,

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

Hello @DanielS.Romero

 

thanks for post!

 

Are you trying to send logs from Firewall to SLS and Panorama at the same time? If yes, then you will have to select: "Enable duplicate logging" check box. Could you scroll down to point No.4 in this link: https://docs.paloaltonetworks.com/strata-logging-service/activation-and-onboarding/onboard-overview

 

Kind Regards

Pavel

 

 

Help the community: Like helpful comments and mark solutions.

View solution in original post

3 REPLIES 3

L1 Bithead

I attached an additional validation command on the Panorama's CLI, probing that the Panorama doesn't received any logs from the active NGFW with serial 1233324233640:

user@Panorama> show logging-status device 1233324233640

Type Last Log Rcvd Last Seq Num Rcvd Last Log Generated


Source IP : Default
Destination IP : Default
Source Daemon : unknown
Connection Id : 1233324233640
Log rate: 0
config N/A N/A N/A
system N/A N/A N/A
threat N/A N/A N/A
traffic N/A N/A N/A
hipmatch N/A N/A N/A
gtp-tunnel N/A N/A N/A
userid N/A N/A N/A
iptag N/A N/A N/A
auth N/A N/A N/A
sctp N/A N/A N/A
decryption N/A N/A N/A
globalprotect N/A N/A N/A

Cyber Elite
Cyber Elite

Hello @DanielS.Romero

 

thanks for post!

 

Are you trying to send logs from Firewall to SLS and Panorama at the same time? If yes, then you will have to select: "Enable duplicate logging" check box. Could you scroll down to point No.4 in this link: https://docs.paloaltonetworks.com/strata-logging-service/activation-and-onboarding/onboard-overview

 

Kind Regards

Pavel

 

 

Help the community: Like helpful comments and mark solutions.

L1 Bithead

Hello @PavelK 

Thanks a lot for your answer, I try checking that check con the NGFWs and then the NGFWs starting send logs traffic to the Panorama device, thanks again!

Regards,

  • 1 accepted solution
  • 415 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!