Even though we are not logging to CDL, it is expected to see traffic from Management to it.

Even though we are not logging to CDL, it is expected to see traffic from Management to it.

396
Created On 04/06/22 19:22 PM - Last Modified 11/17/25 20:45 PM


Symptom


We can see the traffic being generated and probably block if we are not aware of this:
PA-444-logs.png

License looks fine as well as the certificate: 
Logging Service Licensed: Yes
Logging Service forwarding enabled: No
Duplicate logging enabled: No
Enhanced application logging enabled: No
Logging Service License Status:
Status:
	Status: success
	Expiration date: July 24, 2023
	Msg: License is valid
	Last Fetched: 2022/04/04 19:25:33
Logging Service Certificate information: 
	Info: Successfully fetched Logging Service certificate
	Not Valid after: 2022-03-03 14:38:48
	Not Valid before: 2021-12-03 14:38:48
	Status: success
	Last fetched: 2021/12/03 15:22:08
We might see these logs on lcaas_agent.log: 
18:09:29,397 lcaas_agent ERROR Failed to fetch ingest/query FQDN for cust 2108641926
19:04:02,363 lcaas_agent INFO Server-cert revocation check status: failed

Environment


  • PAN-OS: Any.
  • Platform: Any Firewall.

Cause


As we are license and we have a valid certificate the Firewall needs to check they are still valid. 

Resolution


Expected behavior.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oNXhCAM&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail