A client has set up two syslog servers as destinations on one syslog server profile, but only one of the servers is receiving data. Is that expected behavior on 4.1.3? The hope was to be able to send syslog traffic to both devices.
It should forward the logs to both the syslog servers. Please verify if you can reach the syslog server (not receiving the logs) from the firewall service route.
As said by Sri, you should be able to send logs out to both syslog servers.
Check your Service route configuration to see if the syslog is configured to connect via the management interface.
If so, use the command
admin@PA> telnet host <syslog-server ip>
We won't be able to do a pcap on the Firewall if it goes through the management interface. If it is possible to do a pcap on syslog, that can also help you determine the cause of failure.
If it goes through the Dataplane interfaces you can possibly do a pcap on PAN to troubleshoot the connection.
We're in the process of testing 4.1.4 before we migrate. Can you give some more detail here? Is it a situation where all logs go to syslog1, but not syslog2? Or, is a certain percentage of logs being lost?
As I write a test case for this, I want to make sure I'm looking for the right thing.