Unable to Receive Logs in Email
Resolution
Issue
A email server profile is configured where test emails and scheduled reports can be sent to that server from the Palo Alto Networks device, but the following logs cannot be sent:
(From the WebGUI, go to Device tab > Log Settings)
System logs
Config logs
HIP Match logs
Alarm logs
( Objects tab > Log Forwarding)
Traffic Settings and Threat Settings
Resolution:
If the Email Server Profile has a “To” email address configured and an “And Also To” email address configured, the mail server must be able to send to both email addresses. Otherwise, email will not be sent to either address.
Example:
The Email Server Profile above has both To addresses populated. In this state, logs are not being sent to the server at 192.168.1.68.
The following command verifies that email server is unable to relay to test@gmail.com:
> tail follow yes lines 25 mp-log ms.log
The Palo Alto Networks firewall is not sending emails to either account configured. Once the test@gmail.com is removed from the Email Server Profile, this error goes away, and all emails are received on the other email account.
owner: jseals