SYSTEM ALERT : high : Syslog connection established to server


L4 Transporter

I have mail notifications enabled for high and critical system logs. Because of this, I receive the following mail multiple times a day:

SYSTEM ALERT : high : Syslog connection established to server['AF_INET.10.0.0.49:514.']

domain: 1

receive_time: 2013/11/07 14:01:28

serial: 00xxxxxxxxxx

seqno: 14814

actionflags: 0x0

type: SYSTEM

subtype: syslog

config_ver: 0

time_generated: 2013/11/07 14:01:28

vsys:

eventid: syslog-conn-status

object:

fmt: 0

id: 0

module: mgmt

severity: high

opaque: Syslog connection established to server['AF_INET.10.0.0.49:514.']

I don't think that an established session to my syslog server is high prio? Anyone else seeing this?

System info:

Model: PA-VM

VM License: VM-100

Software Version: 6.0.0-b40

I am not posting this in the warsaw section because I had this problem before on 5.0.x

Kind regards,

Bob

1 accepted solution

Accepted Solutions

L7 Applicator

Hello Bdeschut,


These messages are seen now due to new enhancements in 6.0 related to Syslog over TCP or SSL. However, the message is incorrectly being sent once every hour. That will be addressed in 6.0.1 (reference addressed issue id 60816).


Thanks


6 REPLIES

L1 Bithead

Hi Bob,

I have exactly the same and found an article that describes it was an issue in 6.0.0.

So I upgraded to 6.0.1 on the Panorama but I still saw these messages.

Now I'm updating the local devices from 6.0.0 to 6.0.1 and hopefully the messages will disappear.

Rene

6.0.1 has already been released if I am correct? Did you mean 6.0.2?

Bob,

The 6.0.1 release notes have the bug in the addressed issues.

60816—Following an upgrade to PAN-OS 6.0.0, syslog connection status warnings for all defined syslog connections appeared in the system log every hour and were categorized as critical. This was caused by a scheduled hourly rotation of the syslog-ng log file, during which the syslog-ng daemon would restart. This issue has been fixed by adding a condition to the log file rotation process requiring the log file to be 10 MB or more and the connection status warning will only be seen once every few months.

Rene,

Maybe the file is over 10 MB? ;)

Or is not fixed? Or doesn't apply to Panorama?

Hello Bdeschut,

It has been fixed in 6.0.1.

Thanks

L1 Bithead

Hello

We are running on PanOS 6.0.2 and the message is still sent several times a day. If it was fixed in 6.0.1 it seems the bug is back again.

Regards and thanks for any update

Ralf Cz.
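An added example, not part of the original thread or any vendor tooling: a small triage script that parses alert mails in the field layout shown above and checks whether the syslog-conn-status events for each server recur at the hourly cadence described for issue 60816 or at irregular times. The one-hour period comes from the release note; the two-minute tolerance, the second server (192.0.2.10) and all sample timestamps after the first are constructed assumptions.

```python
from datetime import datetime, timedelta

TIME_FMT = "%Y/%m/%d %H:%M:%S"

def parse_alert(text):
    """Parse one alert mail body of 'key: value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def classify_cadence(alerts, period=timedelta(hours=1),
                     tolerance=timedelta(minutes=2)):
    """Label each syslog-conn-status message as periodic or irregular."""
    stamps = {}
    for alert in alerts:
        if alert.get("eventid") == "syslog-conn-status":
            when = datetime.strptime(alert["receive_time"], TIME_FMT)
            stamps.setdefault(alert["opaque"], []).append(when)
    verdicts = {}
    for message, times in stamps.items():
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        if len(gaps) < 2:
            verdicts[message] = "insufficient data"
        elif all(abs(gap - period) <= tolerance for gap in gaps):
            verdicts[message] = "periodic"    # fits a scheduled restart
        else:
            verdicts[message] = "irregular"   # reconnects worth a closer look
    return verdicts

def sample_alert(when, server):
    """Constructed mail body using the field names shown in the thread."""
    return (f"receive_time: {when}\ntype: SYSTEM\nsubtype: syslog\n"
            f"eventid: syslog-conn-status\nseverity: high\n"
            f"opaque: Syslog connection established to server"
            f"['AF_INET.{server}.']")

# Constructed sample data (only the first timestamp appears in the thread).
SAMPLE = [parse_alert(sample_alert(t, s)) for t, s in [
    ("2013/11/07 14:01:28", "10.0.0.49:514"),
    ("2013/11/07 15:01:29", "10.0.0.49:514"),
    ("2013/11/07 16:01:27", "10.0.0.49:514"),
    ("2013/11/07 17:01:28", "10.0.0.49:514"),
    ("2013/11/07 09:12:03", "192.0.2.10:514"),
    ("2013/11/07 09:14:40", "192.0.2.10:514"),
    ("2013/11/07 13:47:55", "192.0.2.10:514"),
]]

if __name__ == "__main__":
    for message, verdict in classify_cadence(SAMPLE).items():
        print(f"{verdict:18} {message}")
```

A "periodic" verdict is consistent with the rotation-triggered daemon restart in the release note; an "irregular" one points toward actual connection drops between the firewall and the syslog server.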
