Which daemon on the firewall is responsible for forwarding logs to Panorama/Collector?
13886
Created On 09/20/19 22:59 PM - Last Modified 01/29/24 18:35 PM
Question
Which daemon or process on the firewall is responsible for forwarding logs to Panorama/ Log Collector?
Environment
- Any PAN-OS.
- Log forwarding configuration.
Answer
Management-server (mgmtsrvr) daemon on the firewall is responsible for forwarding system and config logs to Panorama/Log Collector.
Log-receiver (logrcvr) daemon on the firewall is responsible for forwarding traffic, threat, URL filtering, and data filtering logs to Panorama/ Log Collector.
Additional Information
If the logging gets stuck, restart the log-receiver service with the following command:
>debug software restart process log-receiver
Alternatively, restart the management server (which also restarts the log-receiver service) with the following command:
> debug software restart process management-server
For detailed troubleshooting steps see Palo Alto Networks Firewall not Forwarding Logs to Panorama (VM and M-100)
- Restarting the management server process usually doesn't impact packet forwarding, except for the fact that it will log out the administrator. It is always advisable to carry out any process restarts during off-peak hours or within a designated maintenance window.