During Evaluation of Palo Alto Networks Firewall, Disable Log-suppression/Bypass-exceed-oo-queue for Full Logging
Resolution
Overview
The Palo Alto Networks firewall suppresses some traffic and threat logging for performance and efficiency. During evaluation of the Palo Alto Networks firewall, log suppression may be disabled for testing so that the full set of logs is generated.
Details
Temporarily disabling log-suppression
> set system setting logging log-suppression no
Log suppression is disabled
Disabling log-suppression in the running-config
# set deviceconfig setting logging log-suppression no
[edit]
# commit
Setting bypass-exceed-oo-queue to no in the running-config
# set deviceconfig setting tcp bypass-exceed-oo-queue no
[edit]
# commit
To check the current setting of log-suppression/bypass-exceed-oo-queue, use the following CLI commands:
> show system setting logging
logging rate: 50000 cnt/s
packet logging rate: 2560 KB/s
Traffic log generation rate: 0 cnt/s
Threat log generation rate: 0 cnt/s
Log sent rate: 50000 cnt/s
Current traffic log count: 0
Current threat log count: 0
Random traffic log drop: off
Log suppression: off
default-policy-logging: off
> show running tcp state
session with asymmetric path : drop packet
Bypass if OO queue limit is reached : no
Favor new seg data : no
Urgent data : clear
Check Timestamp option : no
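As an added example (not part of the original article and not Palo Alto Networks tooling), the following Python script parses saved output of the two show commands above and reports whether log-suppression and bypass-exceed-oo-queue are in the state this article sets. The sample input is an excerpt of the output shown above; the function names and the optional file argument are assumptions.

```python
# Added example: check saved PAN-OS CLI output for the evaluation settings.
import sys

# Values this article configures (keys are matched case-insensitively).
EXPECTED = {
    "log suppression": "off",
    "bypass if oo queue limit is reached": "no",
}

# Excerpt of the command output shown in this article, used as sample input.
SAMPLE_OUTPUT = """\
> show system setting logging
Random traffic log drop: off
Log suppression: off
default-policy-logging: off
> show running tcp state
session with asymmetric path : drop packet
Bypass if OO queue limit is reached : no
Favor new seg data : no
"""

def parse_settings(text):
    """Return {normalized key: value} for every 'key : value' line."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, CLI prompt lines and anything that is not key/value.
        if not line or line.startswith((">", "#")) or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[" ".join(key.lower().split())] = value.strip()
    return settings

def check_evaluation_settings(text):
    """Return a list of findings; an empty list means both settings match."""
    settings = parse_settings(text)
    findings = []
    for key, want in EXPECTED.items():
        got = settings.get(key)
        if got is None:
            # A missing line is a finding: never assume the setting is correct.
            findings.append(f"{key}: not found in output")
        elif got.lower() != want:
            findings.append(f"{key}: expected {want!r}, found {got!r}")
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_OUTPUT
    problems = check_evaluation_settings(text)
    print("\n".join(problems) if problems else "evaluation settings in effect")
```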
See Also
For the log-suppression function, see How Log Suppression Works.
For bypass-exceed-oo-queue, see the "tcp_exceed_flow_oo_seg_limit" section of Palo Alto Networks TCP Settings and Counters.
owner: kkondo