SYSLOG Issue after upgrade


L0 Member

Hi Team,

 

I just upgraded my Palo Alto to 11.1.3. After the upgrade we faced an issue where syslog received delayed logs.


"debug log-receiver statistics"

 

Logging statistics
------------------------------ -----------
Log incoming rate: 448/sec
Log written rate: 467/sec
Corrupted packets: 0
Corrupted HTTP HDR packets: 0
Corrupted HTTP HDR Insert packets: 0
Corrupted EMAIL HDR packets: 0
Logs discarded (queue full): 0
Traffic logs written: 324651629
GTP logs written: 0
Tunnel logs written: 0
Hipmatch logs written: 0
Auth logs written: 0
Config logs written: 465
System logs written: 41641
Alarm logs written: 2
Userid logs written: 591444
SCTP logs written: 0
GlobalProtect logs written: 40654
DECRYPTION logs written: 27515
URL logs written: 30068420
Wildfire logs written: 228937
Inline Wildfire logs written: 0
Anti-virus logs written: 1
Maching Learning-virus logs written: 0
Wildfire Anti-virus logs written: 0
Spyware logs written: 1
Spyware-DNS logs written: 3
Spyware Inline Cloud MLC2 logs written: 0
Spyware Inline Cloud CS logs written: 0
Attack logs written: 0
Vulnerability logs written: 1362398
Vulnerability Inline Cloud logs written: 0
Data logs written: 0
DLP logs written: 0
Non File DLP logs written: 0
URL Cloud logs written: 0
Fileext logs written: 202888
Fileext logs URL not written: 199342
Fileext logs URL not written (timedout): 0
URL cache age out count: 0
URL cache full count: 0
URL cache key exist count: 3644
URL cache wrt incomplete http hdrs count: 0
URL cache rcv http hdr before url count: 0
URL cache full drop count(url log not received): 0
URL cache age out drop count(url log not received): 0
Email hdr cache count: 2876
Email hdr cache hit count: 2340
HTTP hdr insertion received: 0
HTTP hdr insertion processed: 0
Email hdr cache hit count: 2340
HTTP hdr insertion received: 0
HTTP hdr insertion processed: 0
HTTP hdr insert no URL drop count: 0
HTTP hdr insert with invalid URL log: 0
HTTP hdr insert with values exceeded max allowed length: 0
Traffic alarms dropped due to sysd write failures: 0
Traffic alarms dropped due to global rate limiting: 0
Traffic alarms dropped due to each source rate limiting: 0
Traffic alarms generated count: 0
Netflow incoming count: 0
Log Forward count: 0
Log Forward discarded (queue full) count: 0
Log Forward discarded (send error) count: 0
Total logs not written due to disk unavailability: 0
Logs not written since disk became unavailable: 0
HIP Report logs received: 0
DPI Traffic logs written: 0
DPI Threat logs written: 0
Application Stats logs written: 116123

Summary Statistics:
Num current entries in trsum:90481
Num cumulative entries in trsum:277473751
Num current entries in thsum:7154
Num cumulative entries in thsum:31356965
Num current entries in urlsum:27
Num cumulative entries in urlsum:73858

External Forwarding stats:
Type     Enqueue Count   Send Count   Drop Count   Queue Depth   Send Rate(last 1min)
syslog          218376          965     14263058         16384                      0
snmp             39218        39218            0             0                      1
email                0            0            0             0                      0
raw                  0            0            0             0                      0
http                 0            0            0             0                      0

 

show logging-status


-----------------------------------------------------------------------------------------------------------------------------
Type Last Log Created Last Log Fwded Last Seq Num Fwded Last Seq Num Acked Total Logs Fwded
-----------------------------------------------------------------------------------------------------------------------------

 

The existing condition was actually fine, but after the upgrade this issue appeared. Are there any troubleshooting suggestions?
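The "External Forwarding stats" table in the output above can be checked mechanically for a forwarder that is dropping logs or holding a backlog without sending. This is an added example, not part of the original post or of any Palo Alto tooling; the field labels, the function names and the two flagging conditions are assumptions of the example, and the sample rows are copied from the post.

```python
import re

# Sample input: the "External Forwarding stats" rows as pasted in the post above.
SAMPLE = """\
External Forwarding stats:
Type Enqueue Count Send Count Drop Count Queue Depth Send Rate(last 1min)
syslog 218376 965 14263058 16384 0
snmp 39218 39218 0 0 1
email 0 0 0 0 0
raw 0 0 0 0 0
http 0 0 0 0 0
"""

# Field names are this example's own labels for the five columns of the header.
FIELDS = ("enqueued", "sent", "dropped", "queue_depth", "send_rate")
ROW = re.compile(r"^\s*([A-Za-z]+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_forwarding_stats(text):
    """Return {forwarder: {field: int}} for the rows after the section header."""
    stats, in_section = {}, False
    for line in text.splitlines():
        if line.strip().startswith("External Forwarding stats"):
            in_section = True
            continue
        if not in_section:
            continue  # ignore the rest of the statistics output
        m = ROW.match(line)
        if m:
            stats[m.group(1)] = dict(zip(FIELDS, map(int, m.groups()[1:])))
        elif stats and not line.strip():
            break  # a blank line after the rows ends the table
    return stats

def stalled_forwarders(stats):
    """Flag forwarders that dropped logs, or hold a queue while sending nothing."""
    findings = {}
    for name, s in stats.items():
        reasons = []
        if s["dropped"] > 0:
            reasons.append(f"dropped {s['dropped']} vs sent {s['sent']}")
        if s["queue_depth"] > 0 and s["send_rate"] == 0:
            reasons.append(f"queue depth {s['queue_depth']} with send rate 0")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in stalled_forwarders(parse_forwarding_stats(SAMPLE)).items():
        print(f"{name}: " + "; ".join(reasons))
```

Running the same check on output captured at intervals shows whether the drop count is still climbing or is left over from before the upgrade.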

2 REPLIES

L0 Member

I am running into the same, or an extremely similar issue on 820's, 850's, and 460's all after upgrading to 11.1.2-h4, which was preferred at the time. 

Dear @J.Laumer214716,

 

Have you resolved the issue?

By the way, I have two devices that I upgraded to version 11.1.3. The one experiencing the issue is the 3220, while the 440 is functioning without any problems. Also, I noticed that my syslog is really slow in receiving logs from the 3220, but there is no issue with the 440.
