After upgrading the PA4020 to 6.0 we started to receive email messages with subject line: SYSTEM ALERT : high : Syslog connection established to server. Is this a new feature? What is the purpose for this and can we prevent this email message from being sent?
The system alert "Syslog connection established to server" is an indication that the syslog profile on the PAN has the firewall and the syslog server connected. This is a message seen only once the connection is established and should not be seen frequently. As connection to the server is important in having the logs forwarded to external source the severity is HIGH. May be the severity is changed in 6.0 or its a new alert message. As you may have configured the HIGH sev to be emailed and hence you would have seen the email on this.
There may not be an option to prevent it as far as the severity is HIGH and if all this severity is set to be emailed.
Hope this answers.
Thanks for your quick response Phoenix.
If it was changed to severity High, would this have been indicated on the release notes?
Forgot to include, we are getting the message several times.
These messages are seen now due to new enhancements in 6.0 related to Syslog over TCP or SSL. However, the message is incorrectly being sent once every hour. That will be addressed in upcoming 6.0.1 (reference addressed issue id 60816 once 6.0.1 becomes available).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!