During Evaluation of Palo Alto Networks Firewall, Disable Log-suppression/Bypass-exceed-oo-queue for Full Logging

Overview

The Palo Alto Networks firewall suppresses some of the traffic/threat logging for performance and efficiency. During the evaluation of the Palo Alto Networks firewall, the log suppression may disabled for testing and to allow full generation of the logs.

Details

Temporarily disabling log-suppression

> set system setting logging log-suppression no

Log suppression is disabled

Set disabling log-suppression on running-config

# set deviceconfig setting logging log-suppression no

[edit]

# commit

Set bypass-exceed-oo-queue on running-config

# set deviceconfig setting tcp bypass-exceed-oo-queue no

[edit]

# commit

To check the current setting of log-suppression/bypass-exceed-oo-queue, use the following CLI commands:

> show system setting logging

logging rate: 50000      cnt/s

packet logging rate: 2560       KB/s

Traffic log generation rate: 0          cnt/s

Threat log generation rate: 0          cnt/s

Log sent rate: 50000      cnt/s

Current traffic log count: 0

Current threat log count: 0

Random traffic log drop: off

Log suppression: off

default-policy-logging: off

> show running tcp state

session with asymmetric path            : drop packet

Bypass if OO queue limit is reached     : no

Favor new seg data                      : no

Urgent data                             : clear

Check Timestamp option                  : no

See Also

For log-suppression function, see How Log Suppression Works.

For bypass-exceed-oo-queue, see "tcp_exceed_flow_oo_seg_limit" section of Palo Alto Networks TCP Settings and Counters.

owner: kkondo