"show logging-status" command shows 0 under "Last Seq Num Fwded " and "Total Logs Fwded" columns on PA-7500 devices
Symptom
The "show logging-status" cli command output in the firewall has 0 under "Last Seq Num Fwded" and "Total Logs Fwded" columns for dataplane logs, and only the "Last Seq Num Acked" column has values
> show logging-status
-----------------------------------------------------------------------------------------------------------------------------
Type Last Log Created Last Log Fwded Last Seq Num Fwded Last Seq Num Acked Total Logs Fwded
-----------------------------------------------------------------------------------------------------------------------------
Log Collector : 027007001720
Connection IP : lr-cms0
Conn Source IP : lr - def
High speed mode : Enabled
Connection Status : lr - Active
Rate : 0 logs/sec
traffic Not Available Not Available 0 7271767781621719718 0
threat Not Available Not Available 0 0 0
hipmatch Not Available Not Available 0 0 0
gtp-tunnel Not Available Not Available 0 0 0
auth Not Available Not Available 0 0 0
iptag Not Available Not Available 0 0 0
userid Not Available Not Available 0 0 0
sctp Not Available Not Available 0 0 0
decryption Not Available Not Available 0 0 0
config 2025/03/28 14:21:41 2025/03/28 14:22:53 7486810179468525570 7486810179468525570 2
system 2025/04/01 10:05:24 2025/04/01 10:05:25 7486810179469309463 7486810179469159031 170795
globalprotect Not Available Not Available 0 0 0Environment
- PA-7500
Cause
The "show logging-status" command on PA-7500 does not give the correct output for DP logs. It shows correct values only for MP logs(system/config/alarm).
This is because for PA-7500, the Logrcvr runs on every DP to collect logs. There are six DPs per DPC and every DP has its own instance of logrcvr to collect locally generated session logs. In order to check the logging status of DP logs, the dp-name needs to be included in the command as "show logging-status dp-name sxdpx" (where sx denotes the slot number and dpx denotes the dataplane number)
show logging-status dp-name s2dp0
-----------------------------------------------------------------------------------------------------------------------------
Type Last Log Created Last Log Fwded Last Seq Num
Fwded Last Seq Num Acked Total Logs Fwded
-----------------------------------------------------------------------------------------------------------------------------
Log Collector : 027007001720
Connection IP : lr-cms0
Conn Source IP : lr - def
High speed mode : Enabled
Connection Status : lr - Inactive
Rate : 0 logs/sec
traffic 2025/04/22 11:28:32 2025/04/22 11:28:46
2307803734798771251
2307803734798771251 496
threat Not Available Not Available
0 0 0
hipmatch Not Available Not Available
0 0 0
gtp-tunnel Not Available Not Available
0 0 0
auth Not Available Not Available
0 0 0
iptag Not Available Not Available
0 0 0
userid Not Available Not Available
0 0 0
sctp Not Available Not Available
0 0 0
decryption Not Available Not Available
0 0 0
config Not Available Not Available
0 0 0
system Not Available Not Available
0 0 0
globalprotect Not Available Not Available
0 0 0
Resolution
Ensure to include the dp-name in the "show logging status" command as "show logging-status dp-name sxdpx" to view the logging status for DP logs