Device Connectivity in Logging Service Status shows an Error in GUI on PA-5450, PA-7000, and PA-7500 series, however the logs are uploaded to Strata Logging Service.

Device Connectivity in Logging Service Status shows an Error in GUI on PA-5450, PA-7000, and PA-7500 series, however the logs are uploaded to Strata Logging Service.

4002
Created On 02/27/24 00:40 AM - Last Modified 06/06/25 15:43 PM


Symptom


  • Device Connectivity in Logging Service Status shows an Error in GUI on PA-5450, PA-7000, and PA-7500 series.
  • Even with the error message, the logs are uploaded to Strata Logging Service(formerly Cortex Data Lake).

GUI: Device->Setup->Management->Cloud Logging->Cloud logging status->show status 

image.png

 

Environment


  • PA-5450, PA-7000, and PA-7500 series.
  • Strata Logging Service
  • PAN-OS 10.1, 10.2, 11.0, 11.1, 11.2

Cause


  • PA-5450, PA-7000, and PA-7500 series have multiple connection paths to Strata Logging Service. It is configurable and the default setting is 5. 

GUI: Device->Setup->Management->Cloud Logging

  

  • If one or more connection paths fail, the Device Connectivity in Logging Service Status becomes "Error".
  • The connection status is checked with the CLI command “> debug log-receiver log-forwarding-connections status”. 
    > debug log-receiver log-forwarding-connections status

LFP0:
Connection status
------------------------------ -----------
Active: 3    <<<<<
lr0-34.x.x.x-172.16.x.x:
address: 34.x.x.x
status: ready
lr0-34.x.x.x-1-172.16.x.x: 
address: 34.x.x.x 
status: ready
lr0-34.x.x.x-2-172.16.x.x: 
address: 34.x.x.x 
status: ready
Inactive: 2   <<<<<<
lr0-34.x.x.x-3-172.16.x.x: address: 34.x.x.x 
status: disconnected
lr0-34.x.x.x-4-172.16.x.x: address: 34.x.x.x 
status: disconnected
  • In the above case, 3 of 5 paths are active, and 2 are inactive.

Resolution


Depending on the connection status of the CLI command (“debug log-receiver log-forwarding-connections status”) and the actual log upload status, take the following actions.

  1. One or more paths are inactive, log uploads are OK,   Continue to monitor the status until the status changes to "Success".
  2. One or more paths are inactive, some log uploads are failing,  Contact Palo Alto Networks Technical Support.
  3. All paths are inactive then separate troubleshooting is required. Contact Palo Alto Networks Technical Support.

Additional Information


Reference other knowledge articles for the Logging Service.

Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000XhqnCAC&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language