11-07-2013 05:21 AM
I have mail notifications enabled for high and critical system logs. Because of this, I receive the following mail multiple times a day:
domain: 1
receive_time: 2013/11/07 14:01:28
serial: 00xxxxxxxxxx
seqno: 14814
actionflags: 0x0
type: SYSTEM
subtype: syslog
config_ver: 0
time_generated: 2013/11/07 14:01:28
vsys:
eventid: syslog-conn-status
object:
fmt: 0
id: 0
module: mgmt
severity: high
opaque: Syslog connection established to server['AF_INET.10.0.0.49:514.']
I don't think that an established session to my syslog server is high prio? Anyone else seeing this?
System info:
Model: PA-VM
VM License: VM-100
Software Version: 6.0.0-b40
I am not posting this in the warsaw section because I had this problem before on 5.0.x
Kind regards,
Bob
04-03-2014 08:13 AM
Hello Bdeschut,
These messages are seen now due to new enhancements in 6.0 related to Syslog over TCP or SSL. However, the message is incorrectly being sent once every hour. That will be addressed in 6.0.1 (reference addressed issue id 60816 ).
Thanks
04-03-2014 02:09 AM
Hi Bob,
I have exactly the same and found an article that describes it was an issue in 6.0.0.
So I upgraded to 6.0.1 on the Panorama but I still saw these messages.
Now I'm updating the local devices from 6.0.0 to 6.0.1 and hopefully the messages will disappear.
Rene
04-03-2014 08:13 AM
Hello Bdeschut,
These messages are seen now due to new enhancements in 6.0 related to Syslog over TCP or SSL. However, the message is incorrectly being sent once every hour. That will be addressed in 6.0.1 (reference addressed issue id 60816 ).
Thanks
04-04-2014 04:04 AM
6.0.1 has already been released if I am correct? Did you mean 6.0.2?
04-04-2014 05:59 AM
Bob,
6.0.1 release notes has the bug in addressed issues.
60816—Following an upgrade to PAN-OS 6.0.0, syslog connection status warnings for
all defined syslog connections appeared in the system log every hour and were
categorized as critical. This was caused by a scheduled hourly rotation of the syslog-ng
log file, during which the syslog-ng daemon would restart. This issue has been fixed by
adding a condition to the log file rotation process requiring the log file to be 10 MB or
more and the connection status warning will only be seen once every few months.
Rene,
Might be file is over 10 MB? 
Or is not fixed? Or doesn't apply to Panorama?
04-04-2014 06:04 AM
Hello Bdeschut,
it has been fixed on 6.0.1.
Thanks
05-23-2014 05:39 AM
Hello
We are running on PanOS 6.0.2 and the message is still send several times a day. If it was fixed in 6.0.1 it seams the bug is back again.
Regards and thanks for any update
Ralf Cz.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
