ACC 升级 Panorama 到10.0后报告中断

ACC 升级 Panorama 到10.0后报告中断

15601
Created On 04/07/21 03:39 AM - Last Modified 06/03/25 03:00 AM


Symptom


CASE 1:
Panorama 管理升级到 PAN-OS 10.0.x 版本,而日志收集器仍在旧版上运行 PAN-OS ( <10.0.x )version.
ACC 报告显示"没有数据显示"下的任何小部件可用于例如:应用程序使用,用户活动,源 IP 活动等,虽然显示一些图表。

用户添加的图像
  • CASE 2:
Panorama 已升级到10.0.x版本,而PanOS防火墙在 <10.0.x version AND
选项卡下选择的数据源 ACC 上运行 Panorama 是"远程设备数据"
 
 
用户添加的图像

 
在这两种情况下,WebUI 调试都显示,当 Panorama 10.0.x 是 ACC 来自日志收集器或 Firewall <10.0.x, it uses a new report field:  "源配置文件"的投票报告时
<entry name="custom-dynamic-report">
    <start-time>2021/04/06 19:45:00</start-time>
    <end-time>2021/04/06 19:45:00</end-time>
    <no-resolve>yes</no-resolve>
    <widgetName>ACC_Application_Usage</widgetName>
    <widgetType>graph_ext-comp-5460</widgetType>
    <topn>500</topn>
    <type>
      <trsum>
        <aggregate-by>
          <member>category-of-app</member>
          <member>subcategory-of-app</member>
          <member>app</member>
          <member>risk-of-app</member>
        </aggregate-by>
        <values>
          <member>bytes</member>
          <member>sessions</member>
          <member>nthreats</member>
          <member>ncontent</member>
          <member>nurlcount</member>
          <member>nunique-of-users</member>
          <member>nunique-of-src_profile</member>   <<<<<<<<<<<<<<
        </values>
        <sortby>bytes</sortby>
      </trsum>
    </type>
  </entry>
Firewall 毫秒.log显示:
2021-04-06 19:45:00.418 -0800 report job mgr: spawning report thread for 725...2021-04-06 19:45:00.418 -0800 debug: pan_report_handle_generate
(pan_report_handler.c:1490): buffer returned is:
<result>
    <msg>
      <line>Report job enqueued with jobid 725</line>
    </msg>
    <job>725</job>
  </result>
2021-04-06 19:45:00.418 -0800 Report 725 is processed by thread 3240417024
2021-04-06 19:45:00.418 -0800 Report 725 timeout(725) added for 86400 sec
2021-04-06 19:45:00.418 -0800 debug: pan_reportjobmgr_process_reportjob(pan_report_mgr.c:5842): 2021-04-06 19:45:00.418 -0800 debug: pan_reportjobmgr_thread
                         (pan_report_mgr.c:7474): Reportjob manager processing a request from cms
Consumer:list is empty, waiting for reportjobs
2021-04-06 19:45:00.418 -0800 report generation started for 'custom-dynamic-report'
2021-04-06 19:45:00.418 -0800 debug: pan_report_engine_ctxt_destruct(pan_report_mgr.c:11836): pan_report_engine_ctxt_destruct: [In thread: 8510] - The nrefs
                         of rectxt: 0x7fb3eda9e800 is 1
2021-04-06 19:45:00.418 -0800 Error:  _pan_report_results_construct(pan_reports.c:5496): Invalid field name nunique-of-src_profile for aggregation value        
2021-04-06 19:45:00.419 -0800 Error:  __pan_report_query(pan_reports.c:9516): Unable to construct a report result structure
2021-04-06 19:45:00.419 -0800 Error:  pan_reportjobmgr_process_cms_request_on_device(pan_report_mgr.c:1403): failed to compute results
2021-04-06 19:45:00.419 -0800 debug: pan_reportmgr_send_jobid_to_cms(pan_report_mgr.c:1542): Sending report jobid 725 to cms
2021-04-06 19:45:00.419 -0800 BATCH: killing non-batch job 725
2021-04-06 19:45:00.419 -0800 BATCH: received request to kill a report 725
2021-04-06 19:45:00.419 -0800 BATCH: schedule to kill report 725, current result_state 0

 

Environment


  • 任何 Panorama 带有 PAN-OS 10.0. X 版本
  • 管理防火墙或日志收集器与 PAN-OS 版本<10.0.X

Cause


  • 从 10.0.x 开始, ACC 报告有很多新的领域为前: "不。来源配置文件"," 否。目的地配置文件" 等。

用户添加的图像
GUI:监控>管理>自定义报告
  • 由于这些字段在 9.1.x 和较低版本上不可用, ACC 如果在投票报告中使用任何新字段,则报告将中断。

Resolution


  1. 对于案例 1:要么将日志收集器升级为与管理服务器相同的主要版本 Panorama ,要么 Panorama 将管理服务器降级为与日志收集器相同的主要版本。
  2. 对于案例 2:要么避免使用"远程设备数据"作为报告的数据源 ACC ,要么将防火墙升级到 10.0.x 版本。 请参阅下文。
Panorama 数据源
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001V4eCAE&lang=zh_CN&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language