Palo Alto Networks Knowledgebase: Panorama Logs Missing in CLI but Display in Web UI
Panorama Logs Missing in CLI but Display in Web UI
Created On 02/07/19 23:40 PM - Last Updated 02/07/19 23:40 PM
Logs are missing in Panorama but are visible when displayed on the Web UI.
When Panorama writes logs to the NFS mount, it writes with “root” access. When a user, who does not have full admin rights, logs into Panorama, the show commands and the reading of logs from NFS will use this user's ID instead of “root”. If the NFS mount is configured to only allow "root" the read/write privileges, the logs from the NFS mount will not be retrievable by a non-root userID. The admin user has root access so his request to the NFS mount has the privileges necessary to retrieve the data.
If Panorama is not pulling logs from NFS or the output of "Show log traffic direction equal backward" or "Show log traffic direction equal forward" and gives no output, check the following:
Does the login ID being used have admin access?
Are the logs on NFS and if so, does the logged in user have rights to access the NFS mount to pull logs?
A superuser should have access to pull logs from NFS.
When Panorama requests / queries the NFS logs it does so using ‘root’ access and these are the logs visible in the WebUI. Panorama is using "root" to pull this data.
Some users may even have mapped the “root” account to another user account on the NFS mount so again, ONLY ‘root’ access will be able to retrieve logs from the NFS mount.