Commit fails with error 'panorama -> log-settings -> url unexpected here' after switching mode from legacy to Panorama mode

Commit fails with error 'panorama -> log-settings -> url unexpected here' after switching mode from legacy to Panorama mode

38220
Created On 12/12/19 23:52 PM - Last Modified 04/02/24 22:02 PM


Symptom


  • In order to optimize  VM Panorama for the purpose of log storage and report generation, one can switch from panorama from default legacy mode to Panorama mode.
  • After converting Panorama from legacy to Panorama mode, Commit fails with error 'panorama -> log-settings -> url unexpected here'.
Detail of the error messages is as below: 
Can't commit changes to Panorama.
Validation Error
panorama -> log-settings -> url unexpected here
panorama -> log-settings is invalid

Environment


  • VM Panorama in Panorama mode.
  • PAN-OS 7.1 and above.

Cause


  • Validation fails with the above error message because URL is no more a configuration-option under GUI: Panorama > Log-settings once you are in Panorama mode.
  • In Legacy mode, Panorama has configuration options under Log Settings for URL/Data/Correlation. Panorama mode does not have them anymore under GUI: Panorama > log-settings.
  • Keeping configurations of either URL, Data or Correlation in  XML configuration under GUI: Panorama > Log-settings would cause validation error as expected
Note: If you want to forward logs for categories URL, Data or Correlation, you need to set the forward Method under GUI: Collector Group > Collector Log Forwarding > URL/Data/Correlation tab.

Resolution


To get rid of commit-failure on Panorama converted to Panorama mode, follow the steps below.
  1. Export Candidate configuration from GUI: Panorama > Setup > Operations > Export named Panorama Configuration snapshot and save the file to your machine
  2. Use Notepad++ or XML editor to edit the exported candidate configuration and remove the below entries that are highlighted.  
<panorama>
    <log-settings>
    ...
      <correlation>
        <match-list>
          <entry name="correlation-high">
            <filter>(severity eq high)</filter>
          </entry>
          <entry name="correlation-critical">
            <filter>(severity eq critical)</filter>
          </entry>
        </match-list>
      </correlation>
      <url>
        <match-list>
          <entry name="panorama-url-critical">
            <filter>(severity eq critical)</filter>
          </entry>
        </match-list>
      </url>
      <data>
        <match-list>
          <entry name="panorama-data-critical">
            <filter>(severity eq critical)</filter>
          </entry>
        </match-list>
      </data>
    </log-settings>
  1. From Panorama GUI: Device > Setup > operations, Import then load your custom Panorama candidate-config.
  2. Validate/Commit any changes and commit will be successful.


 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNpPCAW&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language