- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
This article is based on a discussion, Issue that specific policy traffic logs fail to forward to syslog server and drop from firewall, posted by @JoHyeonJae. Read on to see the discussion and guidance from @PavelK!
Hello,
PAN-OS : 9.1.6
Currently, my customer is facing Issues where logs generated (TO_DNS policy) from a specific policy of more than 10,000 LPS are dropped without being forwarded to the syslog server.
The Traffic Log of the firewall is verifiable, but the Forwarding Stats Syslog Drop Count is constantly increasing, debug log-receiver statistics have been confirmed, and less than 1,000 Total LPS appear in addition to this policy.
There is no logs for that policy on the syslog server because it is dropped without being forwarded by the firewall.
The Log Setting/Log Forwarding Profile in the policy settings is set normally, so it seems to be no problem with the settings.
I will let you know, if you guys need additional info.
The Device Log Forwarding Limit of PA-3260 is written in 24,000/LPS as shown in the document below, so I wonder why it is dropped.
Thanks,
Hello @JoHyeonJae
your customer might be hitting an issue PAN-185616 addressed in 9.1.14:
Kind Regards
Pavel