04-08-2020 08:50 AM
Hello,
I recently had an issue where I had to move a syslog server behind a cluster of PA-5250.
This syslog server receives logs from different equipment (~100 GBytes per day), so there is an enormous amount of UDP syslog events received by this server.
When the server was behind this cluster, I was not receiving any logs. After some troubleshooting, I found out that the flow was in the "DISCARDED" state in the CLI, but there were not any logs that captured this event. Moreover, I did some packet captures and these flows did not appear in the "receiving" state!
I cleared this flow and put a DoS protection rule in place to permit this type of traffic, but is there a way to log when traffic is in the DISCARDED state? That would help me during future troubleshooting sessions.
Thank you.
Regards,
04-08-2020 10:48 AM
I don't believe this is anything that is built-in at the moment. You would need to utilize the API to actively pull what sessions are in a discarded state and log them separately and do any alerting you may want to.
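
One way to do the polling described in the reply above, as an added example that is not part of the original thread or Palo Alto's own code. It assumes the PAN-OS XML API op command matching `show session all filter state discard`, the `X-PAN-KEY` header, and the response element names used in the constructed sample; the host and API key are placeholders.

```python
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Assumed XML form of the CLI command "show session all filter state discard".
CMD = "<show><session><all><filter><state>discard</state></filter></all></session></show>"
FIELDS = ("idx", "proto", "source", "sport", "dst", "dport", "from", "to")

# Constructed sample reply; the element names are assumptions about the layout.
SAMPLE = """<response status="success"><result>
<entry><idx>4211</idx><state>DISCARD</state><proto>17</proto><source>10.1.1.20</source>
<sport>51514</sport><dst>10.9.0.5</dst><dport>514</dport><from>trust</from><to>dmz</to></entry>
<entry><idx>4212</idx><state>ACTIVE</state><proto>6</proto><source>10.1.1.21</source>
<sport>40000</sport><dst>10.9.0.5</dst><dport>443</dport><from>trust</from><to>dmz</to></entry>
</result></response>"""

def fetch(host, api_key):
    """Pull the discarded-session table (host and api_key are placeholders)."""
    url = f"https://{host}/api/?" + urllib.parse.urlencode({"type": "op", "cmd": CMD})
    req = urllib.request.Request(url, headers={"X-PAN-KEY": api_key})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode()

def parse_discarded(xml_text):
    """Return one dict per session entry whose state is DISCARD."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise RuntimeError("firewall API returned a non-success status")
    return [{f: e.findtext(f, default="") for f in FIELDS}
            for e in root.iter("entry")
            if (e.findtext("state") or "").upper() == "DISCARD"]

def new_discards(sessions, seen):
    """Build log lines only for sessions not reported by an earlier poll."""
    lines = []
    for s in sessions:
        key = (s["idx"], s["source"], s["sport"], s["dst"], s["dport"])
        if key in seen:
            continue  # already logged on a previous poll
        seen.add(key)
        lines.append("discarded-session idx={idx} proto={proto} src={source}:{sport} "
                     "dst={dst}:{dport} zones={from}->{to}".format_map(s))
    return lines

if __name__ == "__main__":
    for line in new_discards(parse_discarded(SAMPLE), set()):
        print(line)
```

Run on a schedule with `fetch()` in place of `SAMPLE`, keeping `seen` between polls, and forward the returned lines to the log collector used for alerting.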
04-09-2020 03:22 AM
Thank you for your answer. I was hoping that this was possible, but I will make do with that.