Log forwarding to Panorama not working, with the log forwarding agent showing as disconnected
Created On 07/13/20 21:15 PM - Last Modified 03/26/21 18:29 PM
Symptom
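- Logs are not forwarded from the firewall to Panorama.
- The firewall can ping Panorama and all required ports are open, but no logs are forwarded.
- "show logging-status" on the firewall shows the log forwarding agent as active but not connected.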
admin@awst-pavm100-01> show logging-status
-----------------------------------------------------------------------------------------------------------------------------
Type Last Log Created Last Log Fwded Last Seq Num Fwded Last Seq Num Acked Total Logs Fwded
-----------------------------------------------------------------------------------------------------------------------------
> CMS 0
Not Sending to CMS 0
> CMS 1
Not Sending to CMS 1
>Log Collector
'Log Collection log forwarding agent' is active but not connected >>>>>this should be connected
config Not Available Not Available 0 13 0
system Not Available Not Available 0 6882 0
threat Not Available Not Available 0 0 0
traffic Not Available Not Available 0 1578 0
hipmatch Not Available Not Available 0 0 0
gtp-tunnel Not Available Not Available 0 0 0
userid Not Available Not Available 0 0 0
iptag Not Available Not Available 0 0 0
auth Not Available Not Available 0 0 0
sctp Not Available Not Available 0 0 0
Environment
- PAN-OS 8.1 and above.
- Any Panorama.
- Any Palo Alto Firewall.
- Panorama with a NATed public IP (example: Panorama in an AWS environment).
Cause
- The firewall should show as connected to the agent in the output of the following command:
admin@awst-pavm100-01> show logging-status
-----------------------------------------------------------------------------------------------------------------------------
Type Last Log Created Last Log Fwded Last Seq Num Fwded Last Seq Num Acked Total Logs Fwded
-----------------------------------------------------------------------------------------------------------------------------
> CMS 0
Not Sending to CMS 0
> CMS 1
Not Sending to CMS 1
>Log Collector
'Log Collection log forwarding agent' is active but not connected >>>>>this should be connected
config Not Available Not Available 0 13 0
system Not Available Not Available 0 6882 0
threat Not Available Not Available 0 0 0
traffic Not Available Not Available 0 1578 0
hipmatch Not Available Not Available 0 0 0
gtp-tunnel Not Available Not Available 0 0 0
userid Not Available Not Available 0 0 0
iptag Not Available Not Available 0 0 0
auth Not Available Not Available 0 0 0
sctp Not Available Not Available 0 0 0
- If the firewall IP is configured as NATed, the preference list should show the public IP:
admin@PW-Plant-1(active)> show log-collector preference-list
Log Collector Preference List
Forward to all: No
Serial Number: 000xxxxxxxxx IP Address: 68.xx.xx.xx IPV6 Address: unknown >>>public ip if Panorama in AWS with NAted Ips
Resolution
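- Make sure all required ports are open between Panorama and the firewall. Refer to the ports required for Panorama.
- Do a local commit on Panorama, followed by a Collector Group push.
- If the "show logging-status" command still does not show the log forwarding agent as connected, perform only a Collector Group commit and check the status again after a few minutes. This can be done from the Panorama GUI: Commit > Push to Devices > Edit Selections > deselect all Device Groups and Templates > Collector Groups > select the Collector Group, then click OK and Push.
- Once this is done, the log forwarding agent will show as connected and logs will be seen on Panorama.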
admin@PW-Plant-1(active)> show logging-status
-----------------------------------------------------------------------------------------------------------------------------
Type Last Log Created Last Log Fwded Last Seq Num Fwded Last Seq Num Acked Total Logs Fwded
-----------------------------------------------------------------------------------------------------------------------------
> CMS 0
Not Sending to CMS 0
> CMS 1
Not Sending to CMS 1
>Log Collector
'Log Collection log forwarding agent' is active and connected to 68.xx.xx.xx
config Not Available Not Available 0 4356 0
system Not Available Not Available 0 17105965 0
threat Not Available Not Available 0 2789460711 0
traffic 2020/03/04 15:11:26 2020/03/05 07:44:31 146293907669 146288009536 33450
hipmatch Not Available Not Available 0 0 0
gtp-tunnelNot Available Not Available 0 0 0
userid Not Available Not Available 0 0 0
auth Not Available Not Available 0 0 0
sctp Not Available Not Available 0 0 0
-----------------------
Additional Information
Log forwarding agent is not connected.
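The two CLI checks from this article can be run over captured command output. The following is an added example, not Palo Alto Networks code: it parses "show logging-status" and "show log-collector preference-list" text and reports the conditions described under Cause. The function names, the sample text and the address 203.0.113.10 are constructed for illustration.

```python
import re

# A timestamp column holds either "Not Available" or "YYYY/MM/DD HH:MM:SS".
_TS = r"(Not Available|\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})"
# \s* after the type tolerates rows printed as "gtp-tunnelNot Available ...".
_ROW = re.compile(rf"^([a-z][a-z-]*)\s*{_TS}\s+{_TS}\s+(\d+)\s+(\d+)\s+(\d+)\s*$")
_AGENT = re.compile(r"'Log Collection log forwarding agent' is (\w+) "
                    r"(?:but not connected|and connected to (\S+))")
_PREF = re.compile(r"Serial Number:\s*(\S+)\s+IP Address:\s*(\S+)")
_COLS = ("last_created", "last_fwded", "seq_fwded", "seq_acked", "total_fwded")

def parse_logging_status(text):
    """Agent state and per-log-type counters from 'show logging-status' output."""
    status = {"state": None, "connected_to": None, "types": {}}
    for line in text.splitlines():
        agent, row = _AGENT.search(line), _ROW.match(line.strip())
        if agent:
            status["state"], status["connected_to"] = agent.groups()
        elif row:
            vals = [int(v) if v.isdigit() else v for v in row.groups()[1:]]
            status["types"][row.group(1)] = dict(zip(_COLS, vals))
    return status

def parse_preference_list(text):
    """{serial: IPv4 address} from 'show log-collector preference-list' output."""
    return {m.group(1): m.group(2) for m in _PREF.finditer(text)}

def findings(status_text, pref_text, expected_ip):
    """Conditions from the article; an empty list means nothing to fix."""
    st, out = parse_logging_status(status_text), []
    if st["state"] is None:
        out.append("no log forwarding agent line in output")
    elif st["connected_to"] is None:
        out.append(f"agent is {st['state']} but not connected")
    elif st["connected_to"] != expected_ip:
        out.append(f"agent connected to {st['connected_to']}, expected {expected_ip}")
    if expected_ip not in parse_preference_list(pref_text).values():
        out.append(f"{expected_ip} not in collector preference list")
    return out

# Constructed samples modelled on the outputs above; 203.0.113.10 is a placeholder.
DOWN = """>Log Collector
'Log Collection log forwarding agent' is active but not connected
traffic Not Available Not Available 0 1578 0
gtp-tunnelNot Available Not Available 0 0 0"""
UP = """>Log Collector
'Log Collection log forwarding agent' is active and connected to 203.0.113.10
traffic 2020/03/04 15:11:26 2020/03/05 07:44:31 146293907669 146288009536 33450"""
PREF = "Serial Number: 000000000001 IP Address: 203.0.113.10 IPV6 Address: unknown"
```

Calling findings(DOWN, PREF, "203.0.113.10") returns the "active but not connected" condition, which is the point at which the Collector Group push from the Resolution section applies.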