Firewall Log Forwarding fails with error message: Could not initialize FSM
Created On 07/26/23 08:02 AM - Last Modified 08/01/23 03:13 AM
Symptom
- Firewall log forwarding to log collectors or external services including CDL is not working.
- In logrcvr.log (less mp-log logrcvr.log), "Could not initialize FSM" messages are seen.
Error: pan_config_parse(pan_log_query.y:116): unable to parse single expr: verdict geq grayware
Error: pan_log_query_parse_nolock(pan_log_query.c:13065): Invalid operator geq for field verdict
Error:_query_grp_mgr_add_lq_query_str(pan_query_grp.c:490): Error parsing query:(subtype eq wildfire) AND ((logset eq 'cust_log_forwarding') AND (vsys eq 'vsys1') AND ((verdict geq grayware))) in grp_mgr:query-fsm-grp-mgr-1
Error: pan_init_fsm_2(pan_log_handler.c:9483): Failed to add filter (logset eq 'cust_log_forwarding') AND (vsys eq 'vsys1') AND ((verdict geq grayware)) to query_grp_mgr
Error: pan_log_config_phase1(pan_log_receiver.c:15120): could not initialize FSM, log forwarding will not work!
Environment
- Palo Alto Networks firewalls.
- Supported PAN-OS versions.
- Log Forwarding.
Cause
An invalid log filter is set under GUI: Objects > Log Forwarding or under GUI: Device > Log Settings.
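The parse errors that precede the FSM message name the operator, field and filter that were rejected. The following is an added example, not Palo Alto Networks code, that pulls those values out of an exported copy of logrcvr.log so the offending filter can be located. The function names are illustrative, and the sample input is the error text quoted in the Symptom section.

```python
import re

# Error lines quoted in this article's Symptom section (from logrcvr.log).
SAMPLE_LOG = """\
Error: pan_config_parse(pan_log_query.y:116): unable to parse single expr: verdict geq grayware
Error: pan_log_query_parse_nolock(pan_log_query.c:13065): Invalid operator geq for field verdict
Error:_query_grp_mgr_add_lq_query_str(pan_query_grp.c:490): Error parsing query:(subtype eq wildfire) AND ((logset eq 'cust_log_forwarding') AND (vsys eq 'vsys1') AND ((verdict geq grayware))) in grp_mgr:query-fsm-grp-mgr-1
Error: pan_init_fsm_2(pan_log_handler.c:9483): Failed to add filter (logset eq 'cust_log_forwarding') AND (vsys eq 'vsys1') AND ((verdict geq grayware)) to query_grp_mgr
Error: pan_log_config_phase1(pan_log_receiver.c:15120): could not initialize FSM, log forwarding will not work!
"""

BAD_OP = re.compile(r"Invalid operator (\S+) for field (\S+)")
BAD_FILTER = re.compile(r"Failed to add filter (.+) to query_grp_mgr")
LOGSET = re.compile(r"logset eq '([^']+)'")
VSYS = re.compile(r"vsys eq '([^']+)'")
FSM_FAIL = re.compile(r"could not initialize FSM", re.IGNORECASE)


def find_fsm_failures(lines):
    """Return one record per 'could not initialize FSM' event, holding the
    operator, field and filter reported by the parse errors preceding it."""
    failures, pending = [], {}
    for line in lines:
        if m := BAD_OP.search(line):
            pending["operator"], pending["field"] = m.groups()
        elif m := BAD_FILTER.search(line):
            pending["filter"] = m.group(1)
            if ls := LOGSET.search(line):
                pending["logset"] = ls.group(1)
            if vs := VSYS.search(line):
                pending["vsys"] = vs.group(1)
        elif FSM_FAIL.search(line):
            failures.append(pending)  # empty dict if no parse error preceded it
            pending = {}
    return failures


def summarize(failure):
    """One-line hint naming the filter to correct or remove."""
    return (f"vsys={failure.get('vsys', '?')} logset={failure.get('logset', '?')}: "
            f"operator '{failure.get('operator', '?')}' is not valid for field "
            f"'{failure.get('field', '?')}' in filter {failure.get('filter', '?')}")


if __name__ == "__main__":
    for f in find_fsm_failures(SAMPLE_LOG.splitlines()):
        print(summarize(f))
```

A record with `?` placeholders means the FSM message appeared without the parse errors before it, so the surrounding log lines need to be read by hand.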
Resolution
- Correct or remove the log filter settings under GUI: Objects > Log Forwarding or under GUI: Device > Log Settings.
- Commit the configuration.
- GUI: Objects > Log Forwarding > (Profile name) > Click on the Profile entry > Filter
- Modify or remove the filter and commit.
- The Log Forwarding entry for threat is given below.
Example configuration for Device > Log Settings
- GUI: Device > Log Settings > (click on the relevant setting) > Filter
- Modify or remove the filter and commit.
- The Log Settings entry for GlobalProtect is given below.