There are a few potential issues that may be causing you to not see logs in Panorama for your Palo Alto firewall. Here are a few things to check:
- Logging settings: Make sure that the logging settings on the firewall are configured correctly. To check this, navigate to the firewall’s web interface, click on the “Device” tab and then click on “Setup.” Under the “Management” section, click on “Logging.” Here, you’ll be able to see and modify the logging settings. Verify that logs are being sent to Panorama.
- Network connectivity: Make sure that the firewall and Panorama can communicate with each other. To check this, navigate to the firewall’s web interface, click on the “Monitor” tab and then click on “Network.” Under the “Interfaces” section, you can see the status of the interfaces and make sure that the firewall can reach the Panorama.
- Panorama settings: Make sure that the firewall is added as a managed device in Panorama, and that the logging settings in Panorama are configured to collect logs from the firewall. To check this, log in to Panorama, click on the “Device” tab, and then click on “Managed Devices.” Here, you’ll see a list of managed devices, make sure that firewall is there. Also, click on “Panorama” tab, then “Log Collection” to check that logs are being collected correctly.
- Resources: Make sure that Panorama has enough resources to handle the load of logs and events, particularly if you have a high traffic volume on your firewall. You might want to check the resources like CPU and memory usage on the Panorama.
- Firmware version: Make sure that both the firewall and Panorama are running the latest version of firmware. To check this, navigate to the firewall’s web interface, click on the “Device” tab, and then click on “Software.” Here, you can see the version of firmware running on the firewall. And you can check the same on Panorama too.
- License: Double check that your firewall’s license is not expired and it has logging enabled. To check this, navigate to the firewall’s web interface, click on the “Device” tab, and then click on “Licenses.” Here you can see the details of licenses and their validity
Here are some commands that you can use to troubleshoot the issue of not being able to see logs in Panorama for your Palo Alto firewall:
- Verify the connection between the firewall and Panorama:
ping <Panorama_IP_address>
- Check if the firewall is sending logs to Panorama:
show logging-status
- Verify that the firewall is added as a managed device in Panorama:
show deviceconfig system
This command will give you the information of the firewall that is managed by Panorama.
- Check if the license is correct and not expired
show system info | match "License|Expiration"
This command will give you the information about the licenses installed on the firewall and their expiration date.
- Check the resources
Copy code> show system resource-monitor
This command will give you the information about the resource usage such as CPU, memory and storage.
- Check the communication between firewall and Panorama for any errors
show log system
This command will give you the system logs of firewall and check if there is any error related to communication with Panorama.