Managment port flap

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Managment port flap

L3 Networker

Dear Team,

 

The mgmt port up/down phenomenon occurred from 00:07 to 00:08 on April 12.

 

I analyzed the tech support file and I found below log in the ms.log.

 

Is there any additional way I can check for cause analysis?

 

ms.log
2022-04-12 00:05:23.261 +0900 cmsa: peer watch. sock=50 curtime=2614507 recvtime=2614442 idx=0 proctime=2614442 sendtime=2614477 errcount=1
2022-04-12 00:05:36.550 +0900 lcs agent: peer watch. sock=53 curtime=2614520 recvtime=2614455 proctime=2614455 sendtime=2614490 errcount=1
2022-04-12 00:05:51.394 +0900 Warning: pan_hash_init(pan_hash.c:113): nbuckets 3 is not power of 2!
2022-04-12 00:05:51.394 +0900 Warning: pan_hash_init(pan_hash.c:113): nbuckets 10 is not power of 2!
2022-04-12 00:05:51.394 +0900 Warning: pan_hash_init(pan_hash.c:113): nbuckets 2000 is not power of 2!
2022-04-12 00:05:51.395 +0900 Warning: pan_hash_init(pan_hash.c:113): nbuckets 2000 is not power of 2!
2022-04-12 00:05:51.395 +0900 Warning: pan_hash_init(pan_hash.c:113): nbuckets 2000 is not power of 2!
2022-04-12 00:06:28.321 +0900 cmsa: peer watch. sock=50 curtime=2614572 recvtime=2614507 idx=0 proctime=2614442 sendtime=2614547 errcount=2
2022-04-12 00:06:41.610 +0900 lcs agent: peer watch. sock=53 curtime=2614585 recvtime=2614520 proctime=2614455 sendtime=2614560 errcount=2
2022-04-12 00:07:21.764 +0900 ### MS-DB: RuleHit update: /opt/pancfg/mgmt/devices/localhost.localdomain/rule-hit-count-db.txt
2022-04-12 00:07:33.381 +0900 Error: pan_cmsa_tcp_channel_loop(src_panos/cms_agent.c:1784): cmsa: peer timed out. sock=50 curtime=2614637 recvtime=2614572 idx=0 proctime=2614442 sendtime=2614617 errcount=3
2022-04-12 00:07:33.381 +0900 Drain thread type=1 total=0 match=0
2022-04-12 00:07:33.381 +0900 Drain thread type=1 total=0 match=0
2022-04-12 00:07:33.381 +0900 Drain thread type=1 total=0 match=0
2022-04-12 00:07:33.381 +0900 Drain thread type=1 total=0 match=0
2022-04-12 00:07:33.381 +0900 Drain thread type=1 total=0 match=0
2022-04-12 00:07:33.381 +0900 Drain thread type=1 total=0 match=0
2022-04-12 00:07:33.381 +0900 Drain thread type=1 total=0 match=0
2022-04-12 00:07:33.381 +0900 Drain thread type=1 total=0 match=0
2022-04-12 00:07:33.381 +0900 Drain thread type=1 total=0 match=0
2022-04-12 00:07:33.381 +0900 Drain thread type=1 total=0 match=0
2022-04-12 00:07:33.381 +0900 Drain thread type=2 total=0 match=0
2022-04-12 00:07:33.381 +0900 panorama agent: channel teardown. sock=50 idx=0
2022-04-12 00:07:33.381 +0900 panorama disconnected
2022-04-12 00:07:33.381 +0900 connmgr: shutdown channel. sock=50 ssl=0x555587e0b6c0
2022-04-12 00:07:33.387 +0900 connmgr: connection entry removed. devid=panorama sock=50 result=0
2022-04-12 00:07:33.387 +0900 MS: disconnected from panorama. waitcount=0
2022-04-12 00:07:33.389 +0900 panorama agent: channel teardown complete. idx=0
2022-04-12 00:07:33.481 +0900 logbuffer: log buffer thread: FW not registered to panorama, no log will be forwarded !
2022-04-12 00:07:33.481 +0900 pan_check_panorama_configured: find cms 0 addr = [10.182.64.38]

 

Thanks in advance,
Kyungjun,

2 accepted solutions

Accepted Solutions

Community Team Member

Hi @CHOE-KyungJun ,

 

I'd recommend generating a tech support file of the device in question and send the file to TAC for analysis.  TAC can easily correlate all the different logs to a specific time-frame and link logs taking into account device state, resource usage, etc...

 

Cheers,

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

View solution in original post

@RajuLamichhane 

Hi, RajuLamichhane

I opened the CASE and confirmed the issue as a problem with azure Therefore, it is recommended to check the peer side first before proceeding with the CASE.

View solution in original post

4 REPLIES 4

Community Team Member

Hi @CHOE-KyungJun ,

 

I'd recommend generating a tech support file of the device in question and send the file to TAC for analysis.  TAC can easily correlate all the different logs to a specific time-frame and link logs taking into account device state, resource usage, etc...

 

Cheers,

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Hi @kiwi 

 

CASE has been opened as further analysis is not possible with open documents and information.

 

I will update the results later

 

Cheers,
-kyungjun choe

L0 Member

Hey CHOE,

Did you receive any update on above issue. Any suggestion on it? 

@RajuLamichhane 

Hi, RajuLamichhane

I opened the CASE and confirmed the issue as a problem with azure Therefore, it is recommended to check the peer side first before proceeding with the CASE.

  • 2 accepted solutions
  • 3719 Views
  • 4 replies
  • 2 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!