Does the HA Passive PA-VM Firewall forwards the logs to syslog server

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Does the HA Passive PA-VM Firewall forwards the logs to syslog server

L1 Bithead



We have the pair of PA-VM deployed in HA A-P mode. The log-forwarding facility is enabled and the logs are being forwarded to the external Syslog-Server.


It is noticed that the Passive node is not sending any logs to the Syslog-Server. Only the Active node is sending the logs.


I am trying to understand that all the configurations are identical, and the communication to the Syslog-Server is directed from MGMT NIC directly to the servers on both the firewalls. So the Passive node must be sending the logs (system-log, config-log etc.).


Please let us know the behavior.





L1 Bithead

I have the Syslog configured with UDP only. And I believe the Passive node should forward the system-log, config-log kind of logs to the Syslog-Server.

Cyber Elite
Cyber Elite

Thank you for update @Muruganandham.SP 


I am running in my environment the same setup where Passive Firewall is sending System logs to syslog server and I can confirm that I can see logs on server side, so this should be definitely working.


As next step to troubleshoot, I would advice to check detailed output from: less mp-log syslog-ng.log and take packet capture on management interface: tcpdump filter "port 514" (


Kind Regards


Help the community: Like helpful comments and mark solutions.

L1 Bithead

Hi Team,


I've just opened the ticket with the TAC. Also on the other hand I'd performed all the above steps mentioned by @PavelK prior coming to this live-community forum.

The behavior is, no packets were observed at the Passive device. Had a multiple sessions with the TAC. Even on a remote-session, the TAC couldn't see any packets being forwarded at the Passive unit.

Restarted the management-server, device-server, vardata-receiver, log-rcvr, Also restarted the syslog-ng. The Passive unit's tcpdump and debug log-receiver statistics didn't show any clue about the packet-forward to syslog-server. So none of the above activities has helped.


Post couple of weeks, TAC has again joined the call. And interestingly, without doing anything on Passive Unit, now the tcpdump output show that the packets are being forwarded to the syslog-server. While the debug log-receiver statistics command doesn't show any numbers incrementing.



Muruganandham SP

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!