cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Log "Number of hints on disk has exceeded 5000 due to log forward failures."

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
jesuscano
L4 Transporter
‎10-26-2018 05:36 AM
‎10-26-2018 05:36 AM

Log "Number of hints on disk has exceeded 5000 due to log forward failures."

Hi,

 

We are receiving these logs. We would like to know what is causing these logs and how to solve it.

 

hints.JPG

 

Thanks :)

10 people had this problem.
0 Likes
Reply
jesuscano
L4 Transporter
‎10-29-2018 05:00 AM
‎10-29-2018 05:00 AM

any idea?

0 Likes
Reply
LukeBullimore
L5 Sessionator
‎10-29-2018 09:25 AM
‎10-29-2018 09:25 AM

Hey @jesuscano

 

Check out the below thread, it seems people have resolved the issue by running the command "debug software restart process log-receiver"

 

https://live.paloaltonetworks.com/t5/General-Topics/General-PA-5220/m-p/192473#M57806

 

As for the root cause, are you running Panorama?

 

Cheers,

Luke.

0 Likes
Reply
jesuscano
L4 Transporter
‎10-30-2018 04:28 AM
‎10-30-2018 04:28 AM

Yes, we are running Panorama

0 Likes
Reply
LukeBullimore
L5 Sessionator
‎10-30-2018 04:37 AM
‎10-30-2018 04:37 AM

Hey @jesuscano

 

Cheers for confirming that. Did you restart the log receiver service and did it resolve the issue?

 

From what I gather, this problem is caused by the send queue being filled up when attempting to forward logs to Panorama. This can be verified by looking at the netstat output "show netstat" and looking at the "Send Queue" column for a socket open on port 10000.

 

In Panorama, there are a few best practices that we can look at:

 

1. Has a log forwarding preference list been configured? Panorama -> Collector Groups -> Device Log Forwarding

2. Is "enable redundancy across log collectors" checked?

3. Is "Forward to all collectors in the preference list" checked?

 

If options two and three are enabled, without the use of the preference list, then all logs will just be sent to one LC, and this will then be copying the logs to the other LCs anyways - causing a lot of stress. At this point the Panorama will start to throttle logs and this is when you will notice the netstat queues increasing.

 

Cheers,

Luke.

Reply
JW6224
L2 Linker
‎10-30-2018 06:14 AM
‎10-30-2018 06:14 AM


 

In Panorama, there are a few best practices that we can look at:

 

1. Has a log forwarding preference list been configured? Panorama -> Managed Collectors -> Device Log Forwarding


@LukeBullimore- I think that setting is under the Collector Groups, not Managed Collectors

 

Good best practices list - much appreciated!

0 Likes
Reply
LukeBullimore
L5 Sessionator
‎10-30-2018 06:21 AM
‎10-30-2018 06:21 AM

Hey @JW6224

 

Whoops yeah that was a typo, I'll correct it now. 

 

 

Reply
MP18
Cyber Elite
Cyber Elite
‎10-30-2018 08:00 AM
‎10-30-2018 08:00 AM

I am still getting this error i ran the command debug restart log receiver

MP
0 Likes
Reply
MP18
Cyber Elite
Cyber Elite
‎10-30-2018 08:24 AM
‎10-30-2018 08:24 AM

I see PA is conected to Panorama and we have dedicated log collectors

 

MP
0 Likes
Reply
jesuscano
L4 Transporter
‎11-02-2018 04:06 AM
‎11-02-2018 04:06 AM

are you still having this issue???

0 Likes
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2021 - Palo Alto Networks