Logging Discarded Traffic

L0 Member


Hello,

I recently had an issue where I had to move a syslog server behind a cluster of PA-5250.

This syslog server receives logs from different equipment (~100 GBytes per day), so there is an enormous amount of UDP syslog events received by this server.

When the server was behind this cluster, I was not receiving any logs. After some troubleshooting, I found out that the flow was in the "DISCARDED" state in the CLI, but there were no logs that captured this event. Moreover, I did some packet capture and these flows did not appear in the "receiving" state!

I cleared this flow and put a DoS protection rule in place to permit this type of traffic, but is there a way to log when traffic is in the DISCARDED state? That would help me during future troubleshooting sessions.

 

Thank you.

Regards,


Accepted Solutions
Cyber Elite

Re: Logging Discarded Traffic

@Nico-UBX,

I don't believe this is anything that is built-in at the moment. You would need to utilize the API to actively pull what sessions are in a discarded state and log them separately and do any alerting you may want to. 
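
The polling approach suggested in the answer above, as an added example that is not part of the original thread and is not Palo Alto Networks code: it parses the XML reply to the operational command behind `show session all filter state discard` and emits one log line per discarded session that was not already reported by the previous poll. The element names inside each `<entry>`, the host name, and the sample replies (addresses, zones, rule name) are assumptions constructed for illustration; fetching the reply from `build_url()` with an API key is left to the caller.

```python
import urllib.parse
import xml.etree.ElementTree as ET

# XML form of the CLI command "show session all filter state discard".
OP_CMD = ("<show><session><all><filter><state>discard</state>"
          "</filter></all></session></show>")
# Element names assumed for each <entry> of the reply; check a real response.
FIELDS = ("idx", "state", "proto", "source", "sport", "dst", "dport",
          "from", "to", "application", "security-rule")

def build_url(host):
    """Operational-command URL; the API key is supplied separately by the caller."""
    return f"https://{host}/api/?" + urllib.parse.urlencode({"type": "op", "cmd": OP_CMD})

def parse_discarded(xml_text):
    """Return one dict per session entry that is in DISCARD state."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise RuntimeError(f"API status: {root.get('status')!r}")
    rows = []
    for entry in root.iterfind("./result/entry"):
        row = {f: (entry.findtext(f) or "").strip() for f in FIELDS}
        if row["state"].upper() == "DISCARD":
            rows.append(row)
    return rows

def new_discards(rows, seen):
    """Log lines for sessions not reported by the previous poll; updates `seen`."""
    lines, current = [], set()
    for r in rows:
        key = (r["idx"], r["source"], r["sport"], r["dst"], r["dport"], r["proto"])
        current.add(key)
        if key not in seen:
            lines.append(f"session-discard idx={r['idx']} proto={r['proto']} "
                         f"src={r['source']}:{r['sport']} dst={r['dst']}:{r['dport']} "
                         f"from={r['from']} to={r['to']} app={r['application']} "
                         f"rule={r['security-rule']}")
    seen.clear()
    seen.update(current)  # drop aged-out sessions, since session ids can be reused
    return lines

# Constructed sample replies (documentation addresses), not captured from a firewall.
_E = ("<entry><idx>{0}</idx><state>DISCARD</state><proto>17</proto><source>{1}</source>"
      "<sport>{2}</sport><dst>198.51.100.20</dst><dport>514</dport><from>untrust</from>"
      "<to>dmz</to><application>syslog</application>"
      "<security-rule>allow-syslog</security-rule></entry>")
_A, _B = _E.format(1201, "192.0.2.10", 51514), _E.format(1377, "192.0.2.11", 40222)
POLL_1 = f"<response status='success'><result>{_A}</result></response>"
POLL_2 = f"<response status='success'><result>{_A}{_B}</result></response>"
```

Run on a schedule with a persistent `seen` set, the returned lines can be forwarded to a log collector or used to trigger an alert.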


All Replies
L0 Member

Re: Logging Discarded Traffic

Thank you for your answer. I was hoping that this was possible, but well, I will make do with that.
