Log Collection log forwarding agent is active but not connected

Created On 02/29/20 04:36 AM - Last Modified 06/30/20 01:05 AM


Symptom


  • The show logging-status command displays "Log Collection log forwarding agent is active but not connected".
  • ms.logs displays "Error: pan_system_log_handle(pan_log_handler.c:5000): could not get log write".


Environment


  • PAN-OS 9.0.4.
  • Palo Alto Firewall.
  • Log Forwarding to Cortex Data Lake is configured.


Cause


Logging Service was set to send logs to only the Cortex Data Lake instead of both Panorama and Cortex Data Lake.

 


Resolution


  1. Enable logs to be sent to Panorama as well as Cortex Data Lake: in the GUI, go to Device > Setup > Management > Logging Service and select "Enable Duplicate Logging".
  2. Perform a Commit operation. Once committed, logs will be seen in both Cortex Data Lake and the local Panorama.
  3. The show logging-status command should now display the agent as connected.

