I recently had an issue where I had to move a syslog server behind a cluster of PA-5250.
This syslog server receives logs from different equipment (~100 GBytes per day), so there is an enormous amount of UDP syslog events received by this server.
When the server was behind this cluster, I was not receiving any logs. After some troubleshooting, I found out that the flow was in the "DISCARDED" state in the CLI, but there were no logs that captured this event. Moreover, I did some packet captures and these flows did not appear in the "receiving" stage!
I cleared this flow and put a DoS protection rule in place to permit this type of traffic, but is there a way to log when traffic is in the DISCARDED state? That would help me during future troubleshooting sessions.