If multiple Log Collectors are configured, Panorama loses log entries when an HA failover happens on Panorama

Created On 10/12/20 01:53 AM - Last Modified 10/30/20 09:19 AM


Symptom


Some of the traffic logs forwarded from managed firewalls are missing on Panorama if an HA failover happens on Panorama.
This does not happen if Log Collector Group has only one Log Collector.


Environment


This happens if multiple Log Collectors are configured per Log Collector Group.

Cause


This is our current design. With multiple Dedicated Log Collectors per Collector Group, Panorama loses log entries if there is a failover/disconnection.
If a failover happens, the elasticsearch process is restarted, and this restarts vldmgr as well.
Because of these restarts, the logs in the queue are lost. That is, log messages that are in the queue around the time the elasticsearch/vldmgr processes restart are lost.
 


Resolution


This is our current design in PAN-OS 9.1 or earlier. In this release, there is no workaround.
 

