End-of-Life (EoL)
After you Configure Log Forwarding to Panorama, test that your configuration succeeded.
After you configure log forwarding to Log Collectors, managed firewalls open a TCP connection to all configured Log Collectors. These connections timeout every sixty (60) seconds and do not indicate that the firewall has lot connection to the Log Collectors. When you configure log forwarding to a local or Dedicated Log Collectors over an ethernet interface, the firewall traffic logs show incomplete sessions despite the firewall being able to successfully connect to the Log Collectors. If you configure log forwarding over the management port, no traffic logs showing incomplete sessions are generated. Traffic logs showing incomplete sessions are generated by all firewalls except for the PA-5200 and PA-7000 series firewalls.
Verify Log Forwarding to Panorama
Access the firewall CLI.
If you configured Log Collectors, verify that each firewall has a log forwarding preference list. > show log-collector preference-list If the Collector Group has only one Log Collector, the output will look something like this: Log collector Preference List Serial Number: 003001000024 IP Address:
Verify that each firewall is forwarding logs. > show logging-status device <firewall-serial-number> For successful forwarding, the output indicates that the log forwarding agent is active. For a Panorama virtual appliance, the agent is Panorama . For an M-Series appliance, the agent is a Log Collector .
View the average logging rate. The displayed rate will be the average logs/second for the last five minutes. If Log Collectors receive the logs, access the Panorama web interface, select Panorama > Managed Collectors and click the Statistics link in the far-right column. If a Panorama virtual appliance receives the logs, access the Panorama CLI and run the following command: debug log-collector log-collection-stats show incoming-logs This command also works on an M-Series appliance.

Recommended For You