SYSTEM ALERT : high : Syslog connection established to server

Reply
L4 Transporter

SYSTEM ALERT : high : Syslog connection established to server

I have mail notifications enabled for high and critical system logs. Because of this, I receive the following mail multiple times a day:

SYSTEM ALERT : high : Syslog connection established to server['AF_INET.10.0.0.49:514.']

domain: 1

receive_time: 2013/11/07 14:01:28

serial: 00xxxxxxxxxx

seqno: 14814

actionflags: 0x0

type: SYSTEM

subtype: syslog

config_ver: 0

time_generated: 2013/11/07 14:01:28

vsys:

eventid: syslog-conn-status

object:

fmt: 0

id: 0

module: mgmt

severity: high

opaque: Syslog connection established to server['AF_INET.10.0.0.49:514.']

I don't think that an established session to my syslog server is high prio? Anyone else seeing this?

System info:

Model: PA-VM

VM License: VM-100

Software Version: 6.0.0-b40

I am not posting this in the warsaw section because I had this problem before on 5.0.x

Kind regards,

Bob


Accepted Solutions
Highlighted
L7 Applicator

Re: SYSTEM ALERT : high : Syslog connection established to server

Hello Bdeschut,


These messages are seen now due to new enhancements in 6.0 related to Syslog over TCP or SSL. However, the message is incorrectly being sent once every hour. That will be addressed in 6.0.1 (reference addressed issue id 60816 ).


Thanks

View solution in original post


All Replies
Highlighted
L1 Bithead

Re: SYSTEM ALERT : high : Syslog connection established to server

Hi Bob,

I have exactly the same and found an article that describes it was an issue in 6.0.0.

So I upgraded to 6.0.1 on the Panorama but I still saw these messages.

Now I'm updating the local devices from 6.0.0 to 6.0.1 and hopefully the messages will disappear.

Rene

Highlighted
L7 Applicator

Re: SYSTEM ALERT : high : Syslog connection established to server

Hello Bdeschut,


These messages are seen now due to new enhancements in 6.0 related to Syslog over TCP or SSL. However, the message is incorrectly being sent once every hour. That will be addressed in 6.0.1 (reference addressed issue id 60816 ).


Thanks

View solution in original post

Highlighted
L4 Transporter

Re: SYSTEM ALERT : high : Syslog connection established to server

6.0.1 has already been released if I am correct? Did you mean 6.0.2?

Highlighted
L3 Networker

Re: SYSTEM ALERT : high : Syslog connection established to server

Bob,

6.0.1 release notes has the bug in addressed issues.

60816—Following an upgrade to PAN-OS 6.0.0, syslog connection status warnings for

all defined syslog connections appeared in the system log every hour and were

categorized as critical. This was caused by a scheduled hourly rotation of the syslog-ng

log file, during which the syslog-ng daemon would restart. This issue has been fixed by

adding a condition to the log file rotation process requiring the log file to be 10 MB or

more and the connection status warning will only be seen once every few months.

Rene,

Might be file is over 10 MB? :smileywink:

Or is not fixed? Or doesn't apply to Panorama?

Highlighted
L7 Applicator

Re: SYSTEM ALERT : high : Syslog connection established to server

Hello Bdeschut,

it has been fixed on 6.0.1.

Thanks

Highlighted
L1 Bithead

Re: SYSTEM ALERT : high : Syslog connection established to server

Hello

We are running on PanOS 6.0.2 and the message is still send several times a day. If it was fixed in 6.0.1 it seams the bug is back again.

Regards and thanks for any update

Ralf Cz.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!