Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

SYSLOG Issue after upgrade

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

SYSLOG Issue after upgrade

L0 Member

Hi Team,

 

I just upgraded my PaloAlto to 11.1.3. after upgrade we faced issue that syslog receied delay log. 


"debug log-receiver statistics"

 

Logging statistics
------------------------------ -----------
Log incoming rate: 448/sec
Log written rate: 467/sec
Corrupted packets: 0
Corrupted HTTP HDR packets: 0
Corrupted HTTP HDR Insert packets: 0
Corrupted EMAIL HDR packets: 0
Logs discarded (queue full): 0
Traffic logs written: 324651629
GTP logs written: 0
Tunnel logs written: 0
Hipmatch logs written: 0
Auth logs written: 0
Config logs written: 465
System logs written: 41641
Alarm logs written: 2
Userid logs written: 591444
SCTP logs written: 0
GlobalProtect logs written: 40654
DECRYPTION logs written: 27515
URL logs written: 30068420
Wildfire logs written: 228937
Inline Wildfire logs written: 0
Anti-virus logs written: 1
Maching Learning-virus logs written: 0
Wildfire Anti-virus logs written: 0
Spyware logs written: 1
Spyware-DNS logs written: 3
Spyware Inline Cloud MLC2 logs written: 0
Spyware Inline Cloud CS logs written: 0
Attack logs written: 0
Vulnerability logs written: 1362398
Vulnerability Inline Cloud logs written: 0
Data logs written: 0
DLP logs written: 0
Non File DLP logs written: 0
URL Cloud logs written: 0
Fileext logs written: 202888
Fileext logs URL not written: 199342
Fileext logs URL not written (timedout): 0
URL cache age out count: 0
URL cache full count: 0
URL cache key exist count: 3644
URL cache wrt incomplete http hdrs count: 0
URL cache rcv http hdr before url count: 0
URL cache full drop count(url log not received): 0
URL cache age out drop count(url log not received): 0
Email hdr cache count: 2876
Email hdr cache hit count: 2340
HTTP hdr insertion received: 0
HTTP hdr insertion processed: 0
Email hdr cache hit count: 2340
HTTP hdr insertion received: 0
HTTP hdr insertion processed: 0
HTTP hdr insert no URL drop count: 0
HTTP hdr insert with invalid URL log: 0
HTTP hdr insert with values exceeded max allowed length: 0
Traffic alarms dropped due to sysd write failures: 0
Traffic alarms dropped due to global rate limiting: 0
Traffic alarms dropped due to each source rate limiting: 0
Traffic alarms generated count: 0
Netflow incoming count: 0
Log Forward count: 0
Log Forward discarded (queue full) count: 0
Log Forward discarded (send error) count: 0
Total logs not written due to disk unavailability: 0
Logs not written since disk became unavailable: 0
HIP Report logs received: 0
DPI Traffic logs written: 0
DPI Threat logs written: 0
Application Stats logs written: 116123

Summary Statistics:
Num current entries in trsum:90481
Num cumulative entries in trsum:277473751
Num current entries in thsum:7154
Num cumulative entries in thsum:31356965
Num current entries in urlsum:27
Num cumulative entries in urlsum:73858

External Forwarding stats:
Type Enqueue Count Send Count Drop Count Queue Depth Send Rate(last 1min)
syslog 218376 965 14263058 16384 0
snmp 39218 39218 0 0 1
email 0 0 0 0 0
raw 0 0 0 0 0
http 0 0 0 0 0

 

show logging-status


-----------------------------------------------------------------------------------------------------------------------------
Type Last Log Created Last Log Fwded Last Seq Num Fwded Last Seq Num Acked Total Logs Fwded
-----------------------------------------------------------------------------------------------------------------------------

 

The existing condition is actually fine, but after the upgrade this issue appeared, are there any troubleshooting suggestions?

2 REPLIES 2

L0 Member

I am running into the same, or an extremely similar issue on 820's, 850's, and 460's all after upgrading to 11.1.2-h4, which was preferred at the time. 

Dear @J.Laumer214716 ,

 

Have you resolved the issue?

By the way, I have two devices that I upgraded to version 11.1.3. The one experiencing the issue is the 3220, while the 440 is functioning without any problems. Also, I noticed that my syslog is really slow in receiving logs from the 3220, but there is no issue with the 440.

  • 465 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!