Which daemon on the firewall is responsible for forwarding logs to Panorama/Collector?

Question

Which daemon or process on the firewall is responsible for forwarding logs to Panorama/ Log Collector?

Environment

Any PAN-OS.
Log forwarding configuration.

Answer

Management-server ( mgmtsrvr ) daemon on the firewall is responsible for forwarding system and config logs to Panorama/Log Collector.
Log-receiver ( logrcvr ) daemon on the firewall is responsible for forwarding traffic , threat , URL filtering , and data filtering logs to Panorama/ Log Collector.

Additional Information

If the logging gets stuck, restart the log-receiver service with the following command:

>debug software restart process log-receiver

Alternatively, restart the management server (which also restarts the log-receiver service) with the following command:

> debug software restart process management-server

For detailed troubleshooting steps see Palo Alto Networks Firewall not Forwarding Logs to Panorama (VM and M-100)

Restarting the management server process usually doesn't impact packet forwarding, except for the fact that it will log out the administrator. It is always advisable to carry out any process restarts during off-peak hours or within a designated maintenance window.