Firewall not forwarding system and configuration logs to CDL.

Firewall not forwarding system and configuration logs to CDL.

2033
Created On 08/30/22 18:12 PM - Last Modified 07/11/24 02:33 AM


Symptom


System logs and Configuration logs are not seen in CDL explore App but are visible on the Panorama.

Environment


  • Panorama managed Firewalls
  • PAN-OS 8.1.0, 9.0.0, 9.1.0, 10.0.0
  • Duplicate logging is enabled
  • Cortex Data Lake (CDL)

Cause


PAN-OS Firewalls enabled the duplicate logging cannot forward System and configuration logs to CDL but Traffic and other log types will be forwarded to CDL.
Refer: Forward Logs to Strata Logging Service


Duplicate logging

Resolution


  • Duplicate logging can be disabled where logs are forwarded only to CDL and not to Panorama.
  • Panorama still communicates with CDL and retrieves the logs from CDL and logs are displayed in the monitor tab, however, logs are not stored in the Panorama at all.

Additional Information


Please note once Duplicate logging is disabled logs are not forwarded to Panorama and are only forwarded to CDL.

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sYvJCAU&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail