Log transfer to Cortex Data Lake stopped after license renewal

Log transfer to Cortex Data Lake stopped after license renewal

1248
Created On 08/25/23 02:42 AM - Last Modified 06/04/25 19:14 PM


Symptom


  • Firewall configured to send logs to Cortex Data Lake (CDL).
  • CDL license has been purchased and active.
  • After renewal of the CDL license, the log transfer to cortex data lake stops.
  • The output of ms.log (less mp-log ms.log) shows the license as expired. 
04:05:15.246 +0900 Error:  pan_cfg_mgr_check_lcaas_licensed(pan_cfg_mgr.c:42796): Logging Service license is expired. Renew license to proceed.
  • The license is expected to be updated automatically by the daily license check.
  • This gets triggered when one of the licenses has expiration date within 15 days.

Environment


  • Palo Alto Firewalls
  • Supported PAN-OS
  • Cortex Data Lake (CDL)
  • Log Forwarding

Cause


The firewall does not renew the CDL license automatically.

Resolution


  1. As a workaround Update the license on the Firewall Manually. Refer to How to Retrieve License on the Firewall.
  2. The issue is fixed in PAN-OS 11.0 and fix for other PAN-OS version is in works.

Additional Information


The License expiration date and the expiration status can be found in the output of request license info" command.

License entry:
Feature: Logging Service
Description: Device Logging Service
Serial: xxxxxxxxxxxxxx
Issued: January 06, xxxx
Expires: January 04, xxxx
Expired?: yes             
Log Storage TB: 2
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000XgEnCAK&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail