Symptom
After the time is manually changed back, the WebGUI stops showing the traffic log.
Troubleshooting Steps
- Run the show log traffic direction equal backward command and check whether the traffic log is displayed in the CLI. If so, it is a WebGUI issue.
- Run the debug log-receiver statistics command and check whether the "Traffic logs written" counter increases.
> debug log-receiver statistics
Logging statistics
-----------------------------------------
Log incoming rate: 0/sec
Log written rate: 0/sec
Corrupted packets: 0
Corrupted URL packets: 0
Logs discarded (queue full): 0
Traffic logs written: 1292
- Run the debug log-receiver on debug command to enable the log-receiver debug log. Next, run tail follow yes mp-log logrcvr.log and look for the following messages:
> tail follow yes mp-log logrcvr.log
Feb 24 14:09:50 pan_logrcvr(pan_log_receiver.c:1806): real data
Feb 24 14:09:50 pan_logrcvr(pan_log_receiver.c:1764): try select
Feb 24 14:09:53 pan_logrcvr(pan_log_receiver.c:1796): pipe data
Feb 24 14:09:53 pan_logrcvr(pan_log_receiver.c:1764): try select
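The counter check in the second step can be done on two saved captures of the statistics output instead of by eye. The following is an added example, not Palo Alto Networks code: the first capture copies the output shown above, the second capture and the function names are constructed for illustration.

```python
import re

# Constructed samples: T0 mirrors the output shown above; T1 is a hypothetical
# second capture taken a little later on the same firewall.
SAMPLE_T0 = """\
> debug log-receiver statistics
Logging statistics
-----------------------------------------
Log incoming rate: 0/sec
Log written rate: 0/sec
Corrupted packets: 0
Corrupted URL packets: 0
Logs discarded (queue full): 0
Traffic logs written: 1292
"""
SAMPLE_T1 = SAMPLE_T0.replace("written: 1292", "written: 1317")

# "name: value" lines; rate values carry a "/sec" suffix that is dropped.
_LINE = re.compile(r"^\s*(?P<name>[^:]+?):\s*(?P<value>\d+)(?:/sec)?\s*$")

def parse_stats(text):
    """Return {counter name: int} from debug log-receiver statistics output."""
    stats = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:  # the prompt, title and separator lines do not match
            stats[m.group("name")] = int(m.group("value"))
    return stats

def traffic_log_delta(before, after, key="Traffic logs written"):
    """Difference in the traffic log counter between two captures."""
    a, b = parse_stats(before), parse_stats(after)
    if key not in a or key not in b:
        raise ValueError(f"{key!r} missing from one of the captures")
    return b[key] - a[key]

def assess(before, after):
    """Summarize whether the counter moved between the two captures."""
    delta = traffic_log_delta(before, after)
    if delta > 0:
        return f"counter increased by {delta}: traffic logs are being written"
    if delta == 0:
        return "counter did not move: no traffic logs written between captures"
    return "counter went backwards: captures out of order or counter reset"

if __name__ == "__main__":
    print(assess(SAMPLE_T0, SAMPLE_T1))
```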
Cause
The request from the GUI to retrieve the logs has a time stamp in it. When the time is manually changed back, it creates a mismatch between the GUI time stamp and the logs, so the system does not retrieve the logs.
Workaround
Since this happens only in such a specific scenario, the issue can be avoided by not changing the time back manually. If it does occur, recover by running the following CLI command:
Pre PAN-OS 7.0
> debug software restart log-receiver
Starting from PAN-OS 7.0
> debug software restart process log-receiver
owner: ymiyashita