Logging Service shows "device connectivity" error in UI, though the logs are being sent to CDL.

Logging Service shows "device connectivity" error in UI, though the logs are being sent to CDL.

20109
Created On 12/15/21 07:19 AM - Last Modified 02/22/22 01:12 AM


Symptom


1. Screenshot from UI:
     you can see error screen like this:
     User-added image


2. cmd "request logging-service-forwarding status" shows below error mesg: 
================================================
connid: dpilr-abf47254-230b-4485-858e-5e2240acf30e.in2-lc-prod-us.gpcloudservice.com-1-def
================================================
DNS :
    Failed to resolve ip address: abf47254-230b-4485-858e-5e2240acf30e.in2-lc-prod-us.gpcloudservice.com
                           failure
               2021/10/19 11:14:27
Registration :
        
SSL :
        
Status :
           connection unsuccessful
                           failure
               2021/10/19 11:14:27
TCP :
  

But there are also output showing the connection is working:
================================================
connid: dpilr-abf47254-230b-4485-858e-5e2240acf30e.in2-lc-prod-us.gpcloudservice.com-1-61.208.153.193
================================================
DNS :
    Successfully resolved FQDN for connid (dpilr-abf47254-230b-4485-858e-5e2240acf30e.in2-lc-prod-us.gpcloudservice.com-1-61.208.153.193), IP (34.69.208.173)
                           success
               2021/10/19 12:38:03
Registration :
    Successful registration with dpilr-abf47254-230b-4485-858e-5e2240acf30e.in2-lc-prod-us.gpcloudservi
                           success
               2021/10/19 12:38:06
SSL :
           ssl channel established
                           success
               2021/10/19 12:38:05
Status :
             connection successful
                           success
               2021/10/19 12:38:06
TCP :
        tcp connection established
                           success
               2021/10/19 12:38:03

Environment


Customer using customized interface for service route configuration (CDL communication)
User-added image
 

Cause


Customer originally mis-configured to use mgmt port for service route configuration. Then, they changed the config to use customized port.

After changing the config, communication between FW and CDL were done via the customized port, but the old config info was not deleted automatically, and caused an error msg reporting that there is an communication issue between the FW and CDL.

connid: "-def" means it's using mgmt port for service route configuration, "-IP addr" shows the IP addr of the customized interface that's used for service route configuration.
 

Resolution


Run following cmd to restart log-receiver. 
> debug software restart process log-receiver


After running above command, run following cmd to check whether old route info is being cleared: 
> request logging-service-forwarding status



Check UI to see if device connectivity is back to green.

Additional Information


  • Note: restarting mgmtsrvr or rebooting the FW may not fix the issue
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004MZCCA2&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language