PA 5400 - No logs seen on the firewall including Traffic, URL filtering, Threat logs etc.
23685
Created On 10/05/21 09:46 AM - Last Modified 10/05/21 09:58 AM
Symptom
After deploying PA 5400 (PA 5450) series firewall there are no local logs seen under the Monitor tab.
Environment
PA 5400 series firewall.
Cause
- High-Speed-Log Forwarding Mode(HSFM) is by default enabled on the PA 5400 series firewalls while it is disabled by default in PA 7000 and PA 5200 series firewalls.
- When HSFM is enabled, all local log storage is disabled.
- Hence there will be no logs visible under the Monitoring tab.
Resolution
Disable HSFM from GUI,
1. Device > Setup > Logging and Reporting Settings > Log Export and Reporting > [Uncheck] Enable High Speed Log Forwarding > OK
2. Commit the config.
Disable HSFM from CLI.
admin@PA-5450> configure Entering configuration mode [edit] admin@PA-5450# set deviceconfig setting management enable-high-speed-log-forwarding no [edit] admin@PA-5450# commitOnce High Speed Log forwarding is disabled and config is committed, check the traffic logs to see if logs are starting to show up.
Additional Information
- By default the logs will be written to the system disk storage.
- For higher log retention period, extra logging disk will have to be installed on the firewall.
- This logging disk will have to be enabled to use it as the local logging disk.