Which logs are required to troubleshoot Missing logs on Cortex Data Lake?
9573
Created On 03/25/20 22:39 PM - Last Modified 03/30/20 20:16 PM
Question
Which logs are required to troubleshoot Missing logs on Cortex Data Lake?
Environment
- Any Panorama.
- PAN-OS 8.1 and above.
- Palo Alto Firewall.
- Log forwarding configured to Cortex Data Lake.
Answer
The following information is needed to troubleshoot missing logs on Cortex Data Lake.
Firewall:
firewall> request logging-service-forwarding status
firewall> request logging-service-forwarding customerinfo show
firewall> request logging-service-forwarding certificate info
firewall> show system state | match lcaas
firewall> show system state | match saas
firewall> show logging-status (run this command 3-4 times, pausing 5-10 seconds between runs, so that changes in the forwarded log counters are visible)
firewall> show log traffic direction equal backward query equal "actionflags has fwd"
If the duplicate logging feature is enabled (under Device > Setup > Management > Logging Service widget), also run:
firewall> debug log-receiver rawlog_fwd_trial stats global show verbose
firewall> debug log-receiver rawlog_fwd_trial evtmgr
firewall> debug log-receiver rawlog_fwd_trial connmgr
Panorama:
Panorama> show system state | match saas
Panorama> show plugins cloud_services panorama-certificate status
Panorama> request plugins cloud_services logging-service status