Dedicated Log Collector: Log Collection log forwarding agent' is active but not connected
17735
Created On 06/23/22 06:30 AM - Last Modified 01/31/23 07:24 AM
Symptom
- Logs from the newly added Firewall are not visible under Panorama GUI: Monitor tab.
- CLI command 'show log-collector preference-list' in the Firewall displays log collector IP and SN.
> show log-collector preference-list
Log Collector Preference List
Forward to all: No
Serial Number: 000xxxxxx94 IP Address: X.Y.Z.Q IPV6 Address: unknown
- CLI command 'show logging-status' in the Firewall displays 'Log Collection log forwarding agent' is active but not connected'
- In the "/var/log/pan/configd.log" of log collector, we see the connection attempt from the affected firewall's serial number.
2022-06-07 15:31:34.859 +0700 Processing lcs-register message from device '000xxxxxx94'
- CLI command 'show devices connected' in the log-collector doesn't show the newly added firewall.
- CLI command 'show jobs all' in the log-collector displays the last commit was failed with the below error message.
..
At least one local Superuser needs to be defined in Administrators.
Configuration is invalid
[edit]
Environment
- Panorama configured as dedicated Log Collector.
- PAN-OS 10.0 and above
Cause
At least one admin user configured for Dedicated Log collector
Resolution
To resolve, one must create an admin user and assign the Admin role via Log-Collector CLI:
- Log in to the CLI of Log Collector
- Go into configure mode and create/Add a management user and assign a role.
- Commit the configuration.
> configure
# set mgt-config users <name> password => creates user if it does not exist.
# set mgt-config users <name> permissions role-based superuser
# commit
# exit