05-07-2018 06:23 AM - edited 05-07-2018 06:25 AM
Pretty often seemingly simple monitor filters seem to get our PA devices in an endless loop.
For example:
( rule eq management_services ) and !( addr.dst in a.b.c.d ) and ( app eq ms-sms )
will never succeed. The fitering start running, shows a couple of matching results, screen goes blank and starts over indefinetly.
Please advise.
05-07-2018 06:58 AM - edited 05-07-2018 06:59 AM
Hi @mvdven,
Try doing a web UI debug to try and find some clues as to what is failing exactly :
https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Run-a-PAN-OS-Web-UI-Debug/ta-p/58117
Cheers !
-Kiwi.
05-08-2018 05:43 AM
Hi,
Thanks for the reply. The debug log is something I'm not experienced with so it'd take me hours if not days trying to understand what it may mean or tell me.
I've contacted our IT partner for this issue since we can't contact PA directly.
We've had this issue from the start and throughout all our updates in firmware 8.x.x.
The interesting part is where sometimes/occasionally 'the problem' was not consistently reproduceable, suggesting a caching or memory issue? It typically happens when I want to dig through/evaluate policies if they should be split or created differently. So typically I'm doing multiple different filter queries in a single session / short amount of time. It just so feels like at some point 'something' becomes full/congested and just starts to deteriorate.
We have retentions set and several GBs of free space on the appliances, if executing a filter query doesn't require an execessive amount of diskspace, there should be plenty of it to hold the results I'm trying to get out if it.
05-15-2018 01:46 AM
Shifting the allocated quotas for specific logs did not resolve the issue. Certain queries simply wont succeed. The PA stays in a loop trying to figure it out, never times out, never shows an error of any kind. At least this situation could use proper error handling: Out of memory? Out of temp table space?
05-16-2018 01:23 AM
Hi @mvdven,
I have the same issue: https://live.paloaltonetworks.com/t5/General-Topics/Traffic-Log-refreshs-is-broken-when-using-long-f...
I hoped updating to 8.x would resolve this issue (still pending) but obviously not.
We have the problem on a clusterd PA-850 with PAN-OS 7.1.9 - what do you use?
Best Regards
Chacko
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
