Turn off logging when high load on data plane

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Turn off logging when high load on data plane

L4 Transporter

I think I read something that said you can configure the PA to shut off logging if the dataplane was running a very high percentage of load and I would also like to be sent an alert if anyone has any information on this process.

6 REPLIES 6

L5 Sessionator

If security policy have log at session start or/and log at session end then logging will happen regardless of log.

 

 

L6 Presenter

Hi,

 

I don't think you can dynamically turn off logging, this is something that you are manually configuring either "on" or "off". Article below will help you to configure email alerts for the high DP utilisation etc:

 

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-Email-Alerts-for-System...

 

Thx,

Myky

L2 Linker

There is a setting under Setup -> Management -> Logging and Reporting Settings -> Log Export and Reporting called "Enable Log on High DP Load". Select this check box if you would like a system log entry generated when the packet processing load on the firewall is at 100% CPU utilization. Disabled by default. Is that what you were thinking of? I don't know of any way you can disable logging under high DP load, but at least this will alert you in case you don't have any other monitoring of your firewall..

Well when I think that the choice is enable log on High DP load it makes it sounds like it will continue to log even when the load is high and this was the definition on the machine. But I think this is close to what I was thinking, though my thought was that logging did not continue until the load on the DP reduced, so I am not sure

 

Enable Log on High DP Load—(Firewall only) Select this check box if you would like a system log entry generated when the packet processing load on the firewall is at 100% CPU utilization.
A high CPU load can cause operational degradation because the CPU does not have enough cycles to process all packets. The system log alerts you to this issue (a log entry is generated each minute) and allows you to investigate the probable cause.
Disabled by default.

I could be wrong here, but most of the logging functions happen on the MP, not the DP.  If you have 100% DP utilization, disabling logging probably won't do a whole lot to ease the problem.  

 

You're better off directly addressing the cause of high DP utilization, whether it be a DoS attack, applications being tagged as unknown-tcp/udp, using app-override where it makes sense, or looking at a larger platform with more DP resources.  

Thats a very good point, I just wish I could find the information that suggested it

  • 7530 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!