https://live.paloaltonetworks.com/t5/general-topics/logging-discarded-traffic/m-p/321607#M82304 <P>Hello,</P><P>I had recently had an issue where I had to move a syslog server behind a cluster of PA-5250.</P><P>This syslog server receives logs from different equipements (~ 100GBytes per day) so there is an enormous amount of udp syslog events received by this server.</P><P>When the server was behind this cluster, I was not receiving any logs. After some troubleshooting, I found out that the flow was in the "DISCARDED" state in CLI, but there was not any logs that did capture this event. Moreover I did some packet capture and these flows did not appear in the "receiving" state !</P><P>I cleared this flow and put an Dos protection rule to permit this type of traffic, but is there a way to log when trafic is in DISCARDED state ? That would help me during future troubleshooting sessions.</P><P>&nbsp;</P><P>Thank you.</P><P>Regards,</P> Wed, 08 Apr 2020 15:50:20 GMT Nico-UBX 2020-04-08T15:50:20Z https://live.paloaltonetworks.com/t5/general-topics/logging-discarded-traffic/m-p/321607#M82304 <P>Hello,</P><P>I had recently had an issue where I had to move a syslog server behind a cluster of PA-5250.</P><P>This syslog server receives logs from different equipements (~ 100GBytes per day) so there is an enormous amount of udp syslog events received by this server.</P><P>When the server was behind this cluster, I was not receiving any logs. After some troubleshooting, I found out that the flow was in the "DISCARDED" state in CLI, but there was not any logs that did capture this event. Moreover I did some packet capture and these flows did not appear in the "receiving" state !</P><P>I cleared this flow and put an Dos protection rule to permit this type of traffic, but is there a way to log when trafic is in DISCARDED state ? That would help me during future troubleshooting sessions.</P><P>&nbsp;</P><P>Thank you.</P><P>Regards,</P> Wed, 08 Apr 2020 15:50:20 GMT https://live.paloaltonetworks.com/t5/general-topics/logging-discarded-traffic/m-p/321607#M82304 Nico-UBX 2020-04-08T15:50:20Z https://live.paloaltonetworks.com/t5/general-topics/logging-discarded-traffic/m-p/321681#M82317 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/137853">@Nico-UBX</a>,</P><P>I don't believe this is anything that is built-in at the moment. You would need to utilize the API to actively pull what sessions are in a discarded state and log them separately and do any alerting you may want to.&nbsp;</P> Wed, 08 Apr 2020 17:48:13 GMT https://live.paloaltonetworks.com/t5/general-topics/logging-discarded-traffic/m-p/321681#M82317 BPry 2020-04-08T17:48:13Z https://live.paloaltonetworks.com/t5/general-topics/logging-discarded-traffic/m-p/321843#M82342 <P>Thank you for your answer. I was hoping that this was possible, but well I will do with that.</P> Thu, 09 Apr 2020 10:22:22 GMT https://live.paloaltonetworks.com/t5/general-topics/logging-discarded-traffic/m-p/321843#M82342 Nico-UBX 2020-04-09T10:22:22Z