Nominated Discussion: Syslog Forwarding Issue

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Team Member
No ratings

This article is based on a discussion, Issue that specific policy traffic logs fail to forward to syslog server and drop from firewall, posted by @JoHyeonJae. Read on to see the discussion and guidance from @PavelK!

 

Hello,

PAN-OS : 9.1.6

Currently, my customer is facing Issues where logs generated (TO_DNS policy) from a specific policy of more than 10,000 LPS are dropped without being forwarded to the syslog server.

 

The Traffic Log of the firewall is verifiable, but the Forwarding Stats Syslog Drop Count is constantly increasing, debug log-receiver statistics have been confirmed, and less than 1,000 Total LPS appear in addition to this policy.

There is no logs for that policy on the syslog server because it is dropped without being forwarded by the firewall.

The Log Setting/Log Forwarding Profile in the policy settings is set normally, so it seems to be no problem with the settings.

I will let you know, if you guys need additional info.

The Device Log Forwarding Limit of PA-3260 is written in 24,000/LPS as shown in the document below, so I wonder why it is dropped.

스크린샷 2022-09-20 오전 11.52.58.png


Thanks,

 

Hello @JoHyeonJae

 

your customer might be hitting an issue PAN-185616 addressed in 9.1.14:

 

PavelK_0-1663648642166.png

 

Kind Regards

Pavel

Rate this article:
  • 2493 Views
  • 0 comments
  • 1 Likes
Register or Sign-in
Labels
Article Dashboard
Version history
Last Updated:
‎09-21-2022 09:45 AM
Updated by: