Strata Logging Service
Strata Logging Service Known Issues
Table of Contents
Strata Logging Service Known Issues
View open issues with Strata Logging Service.
Here are the known issues we’re working on for Strata Logging Service.
Issue ID | Description |
|---|---|
| DIT-52555 | There is a case mismatch in Vendor Name field value for logs from Palo Alto Networks devices. For the DNS log type, the Vendor Name is displayed as 'palo alto networks' (in lower case), while for all other log types, it is displayed as 'Palo Alto Networks' (in title case). |
| DIT-49046 | Due to the paused purging of data during the migration of Strata Logging Service to the new license tier, you may observe higher storage usage than your current subscription. This is a temporary measure and storage retention will return to normal once the migration is complete at the end of your contract term. |
| APL-27692 | When you create a log forwarding profile to forward logs to Snowflake, if you provide the wrong Account Identifier, the Test Connection takes a long time to display the error. |
| VRPT-9314 | When you query the Remote Browser Isolation logs with Time Generated High Resolution ‘=’ or ‘!=’ a value, the records displayed are incorrect. |
| DIT-35341 | If firewalls are managed by a Panorama high availability (HA) pair, the Panorama SN field in firewall logs shows the serial number of either the primary or secondary Panorama device. However, this does not impact functionality. |
| APL-12280 | Log forwarding does not currently support GCM cipher suites. |
|
APL-14693
|
(PAN-OS 10.1 or later) Firewalls with a device certificate
that were onboarded through IoT Security do not appear among the
list of devices in the Strata Logging Service app.
|
|
APL-15000
|
(PAN-OS 10.1 or later) When you move a firewall from one Strata Logging Service instance to another, it can take up to
an hour for the firewall to begin sending logs to the new
instance.
|
| APL-19005 | In your Inventory, connected Prisma Access firewalls may appear as only Partially Connected. |
| APL-19140 | In your Inventory, the connection status of a firewall can take up to two minutes to reflect the latest changes. |
| APL-19264 | On the Dashboard, you may experience longer than normal load times when trying to view Incoming Log Table or Forwarding Log Table over the last 7 or 30 days |
| APL-7831 |
(Panorama 10.0.2 or later) To see results for a custom
report on Strata Logging Service logs in Panorama (), you must add the same option that you have in the
Sort By field to
Selected Columns. For example, if
you choose to sort the report by Action, you
must also select Action from
Available Columns.
|
| APL-8269 |
(Panorama 10.0) For data retrieved from Strata Logging Service, the Threat Name column in appears blank.
|
| APL-9063 |
(Panorama 10.0.2 or later) You cannot schedule Threat Trend
or Risk Trend pre-defined reports on Strata Logging Service logs. This will cause the report to
fail.
|
| APO-1475 | A Traffic Summary report on Panorama with the Group By set to Virtual System does not generate successfully. The report indicates that there are no matching records for the report. |
| APO-364 | Scheduled reports are not supported. In
addition, you cannot generate reports on detailed logs stored on the Strata Logging Service. Only Run
Now summary reports are available for
now. Workaround: Upgrade to PAN-OS 10.0.2 or later
and Cloud Services Plugin 1.8.0 or later to run Scheduled reports on
Strata Logging Service logs. |
| ATHNA-1054 |
When you form log queries for GlobalProtect Troubleshooting logs in
Explore or Log
Forwarding, using the proper name of a country in
the Locale field will not return results.
Workaround: Use a different name for the Locale for which you
are querying. Example: Instead of Locale = “United
States” use Locale =
“en-us;English”.
|
| CYR-2437 | If you have configured Panorama to use a proxy server (), all traffic to Strata Logging Service will
bypass the proxy server. Workaround: (PAN-OS 10.0 and
later) Send logs to Strata Logging Service through a
proxy server by selecting DeviceSetupServicesSettings ( 
|
| DIT-22298 | In Explore, the same traffic may have
different values for the is_decrypt field when viewed in
Traffic or Decryption logs. For example, a
Traffic log may have is_decrypt == true, and the
Decryption log for the same event may have
is_decrypt == false. Workaround: Check the
is_proxy field. That value should tell you whether the
traffic was actually decrypted. True means it was decrypted and
False means it wasn’t. |