Problem with system logs

_slv_ · ‎03-14-2014

Hello

I realized that something wrong is with system log. On dashboard I have "No data available." in "System Log" sections.

In Monitor > system log I have a lot of

I did :

debug software restart device-server

debug software restart management-server

This problem occur because yesterday I worked with support engineer. Unfortunetelly we leave packet capture enabled for whole night. Today morning I realized that the pcap files are over 200MB big. I disabled packet capture, deleted pcap files

Please help me.

With regards

Slawek

Phoenix · ‎03-14-2014

Hello Slv,

How does it look from the CLI,

"show log system direction equal backward"

Also if you trigger some system logs by logging off and logging on to the GUI or SSH we can see if any new logs are being generated.

Try to restart the varrcvr

"debug software restart vardata-receiver"

helps in packet capture process restarts.

Pls let us know.

_slv_ · ‎03-14-2014

Hi Phoenix

"show log system direction equal backward":

Time	Severity Subtype Object EventID ID Description

===============================================================================

1970/01/01 01:00:00 Unknown general	unknown 0
1970/01/01 01:00:00 Unknown general	unknown 0
1970/01/01 01:00:00 Unknown general	unknown 0
1970/01/01 01:00:00 Unknown general	unknown 0
1970/01/01 01:00:00 Unknown general	unknown 0
1970/01/01 01:00:00 Unknown general	unknown 0
1970/01/01 01:00:00 Unknown general	unknown 0
1970/01/01 01:00:00 Unknown general	unknown 0
2031/05/11 20:14:06 Unknown general	unknown 0
1970/01/01 01:00:00 Unknown general	unknown 0
1970/01/01 01:00:00 Unknown general	unknown 0
1970/01/01 01:00:00 Unknown general	unknown 0
1970/01/01 01:00:00 Unknown general	unknown 0
1970/01/01 01:00:00 Unknown general	unknown 0

I try "debug software restart vardata-receiver" but it doesn't help.

Any ideas?

hyadavalli · ‎03-14-2014

Hello Slv,

Timestamps doesn't look good in the above logs.

I know there is a known issue related to timestamps and that's the reason why it shows as unknown.

What Os version currently firewall running on?

Regards,

Hari Yadavalli

_slv_ · ‎03-14-2014

Hi Hari

I'm runing 5.0.9 PAN, timestamps are bad but also in every log entry there isn't information that shold be there.

Only system log is affected, other logs are OK.

Regards

Slawek

_slv_ · ‎03-15-2014

Hi

Today system logs started working.... I dont understand how - but it's started working at 1:00.

panos · ‎03-15-2014

We saw This issue on a new deployment a few weeks ago.Until I clear all the system and config logs I was unable to see new system and config logs.Maybe if I waited for some period, it would be fixed like as yours.

sia2sirtie · ‎03-31-2014

Hi,

I am experiencing the same issue, the timestamp jumped sudenly from 1970/01/01 to 1995/08/15 07:31:28.

Over logs are OK.

Not very happy to need erase system logs (no syslog server present).

Is it exist a way to export / clear / import clean logs ?

_slv_ · ‎03-31-2014

Hi

What veriosn of PAN are You using?

Try this:

debug software restart management-server

debug software restart vardata-receiver

debug software restart log-receiver

Regards

Slawek

sia2sirtie · ‎03-31-2014

Hi,

PANOS 5.08

still same after commands:

Regards.

_slv_ · ‎03-31-2014

One more thing, when I had this issue I got email from my PA device with topic: "SYSTEM ALERT : critical : "Disk usage exceeds limit, 100 percent in use, cleaning filesystem""

I have email notification for critical system alerts.

Regards

Slawek

sia2sirtie · ‎03-31-2014

System logs are showing logs from the fist device boot.

I just checked my email but nothing like yours.

I have extended the system logs quota.

sia2sirtie · ‎04-01-2014

Today logs are OK 🙂

Unlock your full community experience!

Problem with system logs

Problem with system logs

Show your appreciation!