10-26-2018 05:36 AM
Hi,
We are receiving these logs. We would like to know what is causing these logs and how to solve it.
Thanks 🙂
10-29-2018 09:25 AM
Hey @BigPalo
Check out the below thread, it seems people have resolved the issue by running the command "debug software restart process log-receiver"
https://live.paloaltonetworks.com/t5/General-Topics/General-PA-5220/m-p/192473#M57806
As for the root cause, are you running Panorama?
Cheers,
Luke.
10-30-2018 04:28 AM
Yes, we are running Panorama
10-30-2018 04:37 AM - edited 10-30-2018 06:22 AM
Hey @BigPalo
Cheers for confirming that. Did you restart the log receiver service and did it resolve the issue?
From what I gather, this problem is caused by the send queue being filled up when attempting to forward logs to Panorama. This can be verified by looking at the netstat output "show netstat" and looking at the "Send Queue" column for a socket open on port 10000.
In Panorama, there are a few best practices that we can look at:
1. Has a log forwarding preference list been configured? Panorama -> Collector Groups -> Device Log Forwarding
2. Is "enable redundancy across log collectors" checked?
3. Is "Forward to all collectors in the preference list" checked?
If options two and three are enabled, without the use of the preference list, then all logs will just be sent to one LC, and this will then be copying the logs to the other LCs anyways - causing a lot of stress. At this point the Panorama will start to throttle logs and this is when you will notice the netstat queues increasing.
Cheers,
Luke.
10-30-2018 06:14 AM
In Panorama, there are a few best practices that we can look at:
1. Has a log forwarding preference list been configured? Panorama -> Managed Collectors -> Device Log Forwarding
@LukeBullimore- I think that setting is under the Collector Groups, not Managed Collectors
Good best practices list - much appreciated!
10-30-2018 08:00 AM
I am still getting this error i ran the command debug restart log receiver
10-30-2018 08:24 AM
I see PA is conected to Panorama and we have dedicated log collectors
11-02-2018 04:06 AM
are you still having this issue???
11-02-2018 07:58 AM
no.
restarting the log receiver from the root fixed the issue
02-18-2019 12:46 AM - edited 02-18-2019 12:49 AM
Hi,
What do you exactly mean by restarting the service from the root ?
I'm experiencing the same issue but restarting the service did not resolve the issue on my device ( which is even a standby device )
03-11-2019 04:18 AM
Do you have any news for this issue? we are still having the problem.
03-11-2019 05:33 AM
Hi,
The error dissapeared after restarting the mgmtsrv service and waiting for 8 hours.
We didn't notice the error anymore since then
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
