I decided to install the latest PA app but wanted to ensure no residual problems, as others in the community have had, so I deleted all PA-related apps/add-ons, TAs, and the index. Clean sweep. I combed through both the SH and IDX and nothing remained from PA. I restarted both systems before proceeding.
I then installed the latest PA app on the SH and IDX. Edited the inputs.conf to adjust the port per the Getting Started guide. Modified the input port to UDP 5514. I proceeded to create the index followed by a full restart of both the SH and IDX.
Tested the basic indexing using index=pan_logs. Data is flowing, HOWEVER... I get all those lookup errors others have experienced as a result of upgrading from an older version:
"Error 'Could not find all of the specified destination fields in the lookup table.' for conf 'pan:config' and lookup table 'pan_vendor_info_lookup'."
Since I did a complete, full wipe, a restart on both SH and IDX, and a fresh reinstall of the app, configured per the Getting Started guide, I am confused as to why it is not working and those errors still exist. It's a very small lab environment. Nothing weird. Just basic Windows TAs, etc. Yes, I checked perms and nothing was out of place.
I have a PA-200 if it matters... The syslog settings have been configured on the device per the 'configure-syslog-monitoring' guide.
What say the community? I am completely stumped!