Unable to Receive Logs in Email
A email server profile is configured where test emails and scheduled reports can be sent to that server from the Palo Alto Networks device, but the following logs cannot be sent:
(From the WebGUI, go to Device tab > Log Settings)
HIP Match logs
( Objects tab > Log Forwarding)
Traffic Settings and Threat Settings
If the Email Server Profile has a “To” email address configured and an “And Also To” email address configured, the mail server must be able to send to both email addresses. Otherwise, email will not be sent to either address.
The Email Server Profile above has both To addresses populated. In this state, logs are not being sent to the server at 192.168.1.68.
The following command verifies that email server is unable to relay to email@example.com:
> tail follow yes lines 25 mp-log ms.log
The Palo Alto Networks firewall is not sending emails to either account configured. Once the firstname.lastname@example.org is removed from the Email Server Profile, this error goes away, and all emails are received on the other email account.