1. Home
    2. Panorama
    3. Panorama Administrator's Guide
    4. Manage Log Collection
    5. Verify Log Forwarding to Panorama

    Verify Log Forwarding to Panorama

    Verify log forwarding to Panorama once you Configure Log Forwarding to Panorama or to the Cortex Data Lake to test that your configuration succeeded.
    After you configure log forwarding to Log Collectors, managed firewalls open a TCP connection to all configured Log Collectors. These connections timeout every sixty (60) seconds and do not indicate that the firewall has lost connection to the Log Collectors. When you configure log forwarding to a local or Dedicated Log Collector over a supported ethernet interface, the firewall traffic logs show
    incomplete
     sessions despite the firewall being able to successfully connect to the Log Collectors. If you configure log forwarding over the management port, no traffic logs showing
    incomplete
     sessions are generated. Traffic logs showing
    incomplete
     sessions are generated by all firewalls except for the PA-5200 and PA-7000 series firewalls.
    2. If you configured Log Collectors, verify that each firewall has a log forwarding preference list.
      > 
      show log-collector preference-list
      If the Collector Group has only one Log Collector, the output will look something like this:
      Forward to all: No 
Log collector Preference List 
Serial Number: 003001000024 
IP Address: 10.2.133.48 
IPV6 Address: unknown
    3. Verify that each firewall is forwarding logs.
      > 
      show logging-status
      For successful forwarding, the output indicates that the log forwarding agent is active.
      • For a Panorama virtual appliance, the agent is
        Panorama
        .
      • For an M-Series appliance, the agent is a
        LogCollector
        .
      • For the Cortex Data Lake, the agent is
        Log CollectionService.
        . And the 
        ‘Log Collection log forwarding agent’ is active and connected to 
        <IP_address>.
    4. View the average logging rate. The displayed rate will be the average logs/second for the last five minutes.
      • If Log Collectors receive the logs, access the Panorama web interface, select
        Panorama
        Managed Collectors
         and click the
        Statistics
         link in the far-right column.
      • If a Panorama virtual appliance in Legacy mode receives the logs, access the Panorama CLI and run the following command:
        debug log-collector log-collection-stats show incoming-logs
      This command also works on an M-Series appliance.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo