General - PA 5220

L2 Linker


Hi

I have this message in the logs:

Type - SYSTEM

Subsystem - General

opaque: Number of hints on disk has exceeded 5000 due to log forward failures.

Has anyone had this error?

Mr.P

L7 Applicator

Re: General - PA 5220

@pkowalewski,

It sounds like you may have a log-forwarding policy that is improperly configured or is pointing to something that is no longer accessible. I would start by verifying that all of the information in your log-forwarding policies is actually current.

L2 Linker

Re: General - PA 5220

Hmm

I don't have any log forwarding policy.

My setting is "all log" forward.

I opened a ticket with my local Palo Alto support.

At the moment I don't have an answer.

Regards

L6 Presenter

Re: General - PA 5220

Hi,

Getting the same error log. PAN-OS 8.0.7.

Does anyone have any information?

Regards

L2 Linker

Re: General - PA 5220

Hi

I have an answer from PA support.

It reads:

"Over 5,000 logs were recorded on the device disk because there was a problem transferring them to Panorama as a result of performance problems - the logs per second parameter was exceeded"

but

This is like a buffer.

Since then I have had no problems with logging to Panorama and this error no longer appears for me.

Regards

L2 Linker

Re: General - PA 5220

How was this fixed?

L2 Linker

Re: General - PA 5220

I ran the command

> debug software restart process log-receiver

and ... the SYSTEM ALERT was gone.

L2 Linker

Re: General - PA 5220

Had the same issue on the passive member of an Active/Passive HA-pair of PA-7050s running PANOS 8.0.10. Every 60 minutes, another copy of the message was logged.

The "debug software restart process log-receiver" command addressed the issue.

L0 Member

Re: General - PA 5220

We had the same issue on our PA-5220 and we found this thread and ran the debug command "debug software restart process log-receiver" and it fixed the issue. Now all of our traffic logs forward to Panorama; prior to doing this only System Logs were being forwarded.

Also of note: after running the command the alert kept coming, and after checking the raw logs locally it was way over the threshold of 5000 but slowly coming down. Once it goes lower, the alerts will stop.

L4 Transporter

Re: General - PA 5220

I ran the command but still got the email alert.

External Forwarding stats:
Type     Enqueue Count  Send Count  Drop Count  Queue Depth  Send Rate(last 1min)
syslog   14217727       14217727    0           0            138812
snmp     0              0           0           0            0
email    1              1           0           0            0
raw      0              9074366     0           0            88644
http     0              0           0           0            0
autotag  0              0           0           0            0
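
An added example, not part of any post in this thread: a small Python parser for the "External Forwarding stats" table as pasted above, which flags forwarding types with drops or a queued backlog. The function names are hypothetical, and treating a non-zero Drop Count or Queue Depth as a sign of lost or delayed logs is an assumption based only on the column names.

```python
import re

# Counters as posted in the thread above; whitespace between columns may vary.
SAMPLE = """\
External Forwarding stats:
Type Enqueue Count Send Count Drop Count Queue Depth Send Rate(last 1min)
syslog 14217727 14217727 0 0 138812
snmp 0 0 0 0 0
email 1 1 0 0 0
raw 0 9074366 0 0 88644
http 0 0 0 0 0
autotag 0 0 0 0 0
"""

FIELDS = ("enqueue", "send", "drop", "queue_depth", "send_rate_1min")
# A data row is a type name followed by exactly five integer counters.
ROW = re.compile(r"^\s*([A-Za-z][\w-]*)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_forwarding_stats(text):
    """Return {type: {field: int}} for each data row; title and header are skipped."""
    stats = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            stats[m.group(1)] = dict(zip(FIELDS, map(int, m.groups()[1:])))
    return stats

def findings(stats):
    """Flag rows suggesting lost or backlogged logs (interpretation is an assumption)."""
    out = []
    for name, s in stats.items():
        if s["drop"] > 0:
            out.append((name, f"dropped {s['drop']} logs"))
        if s["queue_depth"] > 0:
            out.append((name, f"{s['queue_depth']} logs still queued"))
        # Enqueued logs that were neither sent, dropped, nor reported as queued.
        backlog = s["enqueue"] - s["send"] - s["drop"]
        if backlog > 0 and s["queue_depth"] == 0:
            out.append((name, f"{backlog} enqueued logs unaccounted for"))
    return out

if __name__ == "__main__":
    parsed = parse_forwarding_stats(SAMPLE)
    clean = [("all", "no drops or backlog in external forwarding")]
    for name, msg in findings(parsed) or clean:
        print(f"{name}: {msg}")
```

On the counters posted above it reports no drops and no queue backlog for any forwarding type.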
