设备遥测无法发送文件，并出现错误：无法发送：在系统日志上看到文件“PA_XXXXXXXX-hr-interval_HOUR.t... - Knowledge Base - Palo Alto Networks

设备遥测无法发送文件，并出现错误：无法发送：在系统日志上看到文件“PA_XXXXXXXX-hr-interval_HOUR.tgz”

11652

Created On 09/26/23 18:54 PM - Last Modified 12/19/23 15:01 PM

Symptom

启用设备遥测后，当防火墙无法将文件发送到 PaloAlto 服务器时，将生成关键系统日志（show log system）

critical device- send-fa 0  Failed to send: file 'PA_00xxxxxx9_dt_10.1.10_20230926_0030_1-hr-interval_HOUR.tgz

device_telemetry_send.log（少mp-log device_telemetry_send.log）显示发送失败，如下图所示

497 dt_send INFO TX_FILE: dest server ip: xx.yy.zz.qq
497 dt_send INFO TX FILE: send_file_cmd: /usr/local/bin/dt_curl -i xx.yy.zz.qq -f /opt/panlogs/tmp/device_telemetry/hour/PA_00xxxxxx9_dt_10.1.10_20230926_0030_1-hr-interval_HOUR.tgz
002 dt_send INFO TX FILE: curl cmd status: 18, 18; err msg: 'Certificate Does Not Exist' 
007 dt_send INFO update send failed count: resend_count: 43, update_count = 44
009 dt_send INFO update_tx_failed_count: failed send: set intvl resend-failed-count to 4

设备证书状态显示无设备证书

> show device-certificate status

Device Certificate information:
No device certificate found

设备遥测设置显示设备证书不存在

> show device-telemetry settings

Device Telemetry Settings:
device-health-performance: yes
product-usage: yes
threat-prevention: yes
region: Americas
status: Device Certificate does not exist

Environment

Palo Alto 防火墙或全景
PAN-OS 10.1 或更高版本
设备遥测

Cause

当防火墙或全景图没有有效的设备证书时，会发生这种情况

Resolution

安装并获取防火墙的有效设备证书。
请参阅安装设备证书
中记录的步骤

Other users also viewed:

How to download GlobalProtect from the Customer Support Portal

Download and Install the GlobalProtect App for Windows

Resource List: GlobalProtect Configuring and Troubleshooting

PAN-OS Software Updates

Where to find the current preferred software versions? (PAN-OS, GlobalProtect, User-ID Agent, Plugins)