"Number of hints on disk has exceeded 5000 due to log forward failures."

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

"Number of hints on disk has exceeded 5000 due to log forward failures."

L2 Linker

Hi,

 

I have a client (PA 5220 version 8.0.9) who continuously (every hour) is getting this error message in Monitor -> System: "Number of hints on disk has exceeded 5000 due to log forward failures."

 

At first we thought it was due to the parameter configured under Device -> Setup -> Management -> Logging and Reporting Settings -> Max Rows in User Activity Report since the value was 5000, but we are no longer sure

 

We also suspect that it was due to the maximum number of user authentication errors and / or external log elements and we limited the storage of this type of logs. But the alarm is still active

 

We do not know what is the origin of this error to be able to solve it and let it appear.

 

Some idea of ​​what is causing this error message and how to fix it.

23 REPLIES 23

Hi Jim, I'm in the same scenario.

 

NetworkingKimitec_0-1729155248204.png

 

Did you finally solve the problem and did you find the affectation of the hints?

 

thanks you in advance.

 

BR.

@NetworkingKimitec 

 

Please use below commands to fix the issue

 

debug software restart process log-receiver

delete log-collector preference-list

 

Regards

MP

Help the community: Like helpful comments and mark solutions.

Hi @MP18 ,

 

Would running these commands incur downtime on the services?

 

Regards

Nicko

@NickoKristianNickoKristian These commands are safe to run anytime.

 

Regards

MP

Help the community: Like helpful comments and mark solutions.

I have executed the comands. but the problem persists:

 

NetworkingKimitec_0-1730283396482.png

 

any ideas?

 

Thank you in advance.

 

BR.

@NetworkingKimitecNetworkingKimitec What is the output of show logging status on the PA?

Where are you sending the logs external device?  Panorama or log collector?

 

Regards

MP

Help the community: Like helpful comments and mark solutions.

Hi @MP18 ,

Here you can find the result of the command:

NetworkingKimitec_0-1730703569852.png

i have not setup any log to external device, just SNMP monitoring is currently setup.

 

Could it be associated to Agent-ID?

 

thank for your support.

 

BR.

 

@NetworkingKimitec If i am correct if logs are local to the Firewall, then you will not see any output from the above command.

As all the Logs are Local to the Firewall.

 

Regards

MP

Help the community: Like helpful comments and mark solutions.

Hi @MP18 , so thats mean that is just cosmetic error or i should fix/do somethig more?

 

Thank you in advance.


BR.

  • 53107 Views
  • 23 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!