Correlation Events are not showing on Panorama from firewall

Created On 02/22/19 16:48 PM - Last Modified 02/24/21 03:02 AM


Symptom


  • Correlation events for a particular firewall are not showing on Panorama, although the firewall itself displays its correlation events correctly.
  • The issue is seen on Panorama because Panorama queries the Log Collector to provide the threat logs.


Environment


  • Any Panorama.
  • PAN-OS 8.0 and 8.1.
  • Correlation events.


Cause


Correlation events are generated locally on each device. They are not forwarded from the firewall to Panorama or to the Log Collector.
Correlation events are generated from threat logs.
Panorama queries the Log Collector to get the threat logs and generates the correlation logs.


Resolution


  1. If the Antivirus version on the Log Collector is not the same as the Antivirus version installed on Panorama, no correlation logs are generated or seen.
  2. Each device needs to have an Antivirus version installed to generate correlation events, and the version must be the same on all devices (Firewall, Panorama, Log Collector).
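
One way to check the condition in the Resolution steps, as an added example (not Palo Alto Networks code): the script compares the `av-version` line of `show system info` output collected from each device. The hostnames and version values below are constructed, and treating a value of `0` as "no Antivirus content installed" is an assumption.

```python
import re

# Constructed `show system info` excerpts, one per device role (not real captures).
SAMPLE_OUTPUTS = {
    "firewall": "hostname: fw-01\nsw-version: 8.1.6\nav-version: 2890-3400\n",
    "panorama": "hostname: pano-01\nsw-version: 8.1.6\nav-version: 2890-3400\n",
    "log-collector": "hostname: lc-01\nsw-version: 8.1.6\nav-version: 2885-3395\n",
}

AV_LINE = re.compile(r"^av-version:\s*(\S+)\s*$", re.MULTILINE)


def av_version(show_system_info):
    """Return the av-version value, or None when the line is absent or "0".

    Reading "0" as "no Antivirus content installed" is an assumption.
    """
    match = AV_LINE.search(show_system_info)
    if match is None or match.group(1) == "0":
        return None
    return match.group(1)


def check_av_consistency(outputs):
    """Compare Antivirus versions across firewall, Panorama and Log Collector."""
    versions = {role: av_version(text) for role, text in outputs.items()}
    missing = sorted(role for role, ver in versions.items() if ver is None)
    distinct = {ver for ver in versions.values() if ver is not None}
    return {
        "versions": versions,
        "missing": missing,
        # Correlation logs need Antivirus installed everywhere, at one version.
        "consistent": not missing and len(distinct) == 1,
    }


def report(outputs):
    """Build a short human-readable summary of the comparison."""
    result = check_av_consistency(outputs)
    lines = [f"{role}: {ver or 'not installed'}"
             for role, ver in sorted(result["versions"].items())]
    verdict = "OK: versions match" if result["consistent"] else \
        "MISMATCH: align Antivirus versions on all devices"
    return lines + [verdict]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_OUTPUTS)))
```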

