1- device > syslog -> syslog profile -> custom log format -> and changed the default format of GlobalProtect
to location=$location, portal=$portal, actionflags=$actionflags, attempted_gateways=$attempted_gateways, auth_method=$auth_method, cef-formatted-receive_time=$cef-formatted-receive_time, cef-formatted-time_generated=$cef-formatted-time_generated, client_os=$client_os, client_os_ver=$client_os_ver, client_ver=$client_ver, cluster_name=$cluster_name, connect_method=$connect_method, device_name=$device_name, dg_hier_level_1=$dg_hier_level_1, dg_hier_level_2=$dg_hier_level_2, dg_hier_level_3=$dg_hier_level_3, dg_hier_level_4=$dg_hier_level_4, error=$error, error_code=$error_code, eventid=$eventid, gateway=$gateway, high_res_timestamp=$high_res_timestamp, hostid=$hostid, login_duration=$login_duration, machinename=$machinename, opaque=$opaque, priority=$priority, private_ip=$private_ip, private_ipv6=$private_ipv6, project_name=$project_name, public_ip=$public_ip, public_ipv6=$public_ipv6, reason=$reason, receive_time=$receive_time, repeatcnt=$repeatcnt, response_time=$response_time, selection_type=$selection_type, sender_sw_version=$sender_sw_version, seqno=$seqno, serial=$serial, serialnumber=$serialnumber, srcregion=$srcregion, srcuser=$srcuser, stage=$stage, status=$status, subtype=$subtype, time_generated=$time_generated, tunnel_type=$tunnel_type, type=$type, vsys=$vsys, vsys_id=$vsys_id, vsys_name=$vsys_name
2- committed the changes and everything working fine and we are sending the logs properly
3- device > syslog -> syslog profile -> custom log format -> and changed the default format of traffic to
action=$action, action_source=$action_source, actionflags=$actionflags, ai_fwd_error=$ai_fwd_error, ai_traffic=$ai_traffic, app=$app, assoc_id=$assoc_id, bytes=$bytes, bytes_received=$bytes_received, bytes_sent=$bytes_sent, category=$category, category_of_app=$category_of_app, cef-formatted-receive_time=$cef-formatted-receive_time, cef-formatted-time_generated=$cef-formatted-time_generated, characteristic_of_app=$characteristic_of_app, chunks=$chunks, chunks_received=$chunks_received, chunks_sent=$chunks_sent, cluster_name=$cluster_name, container_id=$container_id, container_of_app=$container_of_app, device_name=$device_name, dg_hier_level_1=$dg_hier_level_1, dg_hier_level_2=$dg_hier_level_2, dg_hier_level_3=$dg_hier_level_3, dg_hier_level_4=$dg_hier_level_4, dport=$dport, dst=$dst, dst_category=$dst_category, dst_dag=$dst_dag, dst_edl=$dst_edl, dst_host=$dst_host, dst_mac=$dst_mac, dst_model=$dst_model, dst_osfamily=$dst_osfamily, dst_osversion=$dst_osversion, dst_profile=$dst_profile, dst_uuid=$dst_uuid, dst_vendor=$dst_vendor, dstloc=$dstloc, dstuser=$dstuser, dynusergroup_name=$dynusergroup_name, elapsed=$elapsed, endpoint_id=$endpoint_id, flags=$flags, flow_type=$flow_type, from=$from, high_res_timestamp=$high_res_timestamp, hostid=$hostid, http2_connection=$http2_connection, http2_connection_64=$http2_connection_64, inbound_if=$inbound_if, is_saas_of_app=$is_saas_of_app, k8s_cluster_id=$k8s_cluster_id, link_change_count=$link_change_count, link_switches=$link_switches, logset=$logset, monitortag=$monitortag, natdport=$natdport, natdst=$natdst, natsport=$natsport, natsrc=$natsrc, ndpmatches=$ndpmatches, nftrans=$nftrans, nssai_sd=$nssai_sd, nssai_sst=$nssai_sst, nthreats=$nthreats, nurlcount=$nurlcount, offloaded=$offloaded, outbound_if=$outbound_if, packets=$packets, parent_session_id=$parent_session_id, parent_session_id_64=$parent_session_id_64, parent_start_time=$parent_start_time, pkts_received=$pkts_received, pkts_sent=$pkts_sent, pod_name=$pod_name, pod_namespace=$pod_namespace, policy_id=$policy_id, proto=$proto, receive_time=$receive_time, repeatcnt=$repeatcnt, risk_of_app=$risk_of_app, rule=$rule, rule_uuid=$rule_uuid, s_decrypted=$s_decrypted, s_encrypted=$s_encrypted, sanctioned_state_of_app=$sanctioned_state_of_app, sdwan_cluster=$sdwan_cluster, sdwan_cluster_type=$sdwan_cluster_type, sdwan_device_type=$sdwan_device_type, sdwan_ec_applied=$sdwan_ec_applied, sdwan_ec_session=$sdwan_ec_session, sdwan_fec_data=$sdwan_fec_data, sdwan_fec_ratio=$sdwan_fec_ratio, sdwan_impacted_link_rx_bytes=$sdwan_impacted_link_rx_bytes, sdwan_impacted_link_tx_bytes=$sdwan_impacted_link_tx_bytes, sdwan_impacted_session=$sdwan_impacted_session, sdwan_link=$sdwan_link, sdwan_link_rx_bytes=$sdwan_link_rx_bytes, sdwan_link_tag=$sdwan_link_tag, sdwan_link_tx_bytes=$sdwan_link_tx_bytes, sdwan_link_type=$sdwan_link_type, sdwan_pd_session=$sdwan_pd_session, sdwan_phyintf=$sdwan_phyintf, sdwan_session=$sdwan_session, sdwan_site=$sdwan_site, security_key=$security_key, sender_sw_version=$sender_sw_version, seqno=$seqno, serial=$serial, serialnumber=$serialnumber, session_end_reason=$session_end_reason, session_owner=$session_owner, sessionid=$sessionid, sessionid_64=$sessionid_64, sport=$sport, src=$src, src_category=$src_category, src_dag=$src_dag, src_edl=$src_edl, src_host=$src_host, src_mac=$src_mac, src_model=$src_model, src_osfamily=$src_osfamily, src_osversion=$src_osversion, src_profile=$src_profile, src_uuid=$src_uuid, src_vendor=$src_vendor, srcloc=$srcloc, srcuser=$srcuser, start=$start, subcategory_of_app=$subcategory_of_app, subtype=$subtype, technology_of_app=$technology_of_app, time_generated=$time_generated, time_received=$time_received, to=$to, traffic_flags=$traffic_flags, tunnel=$tunnel, tunneled_app=$tunneled_app, tunnelid=$tunnelid, type=$type, vpc_id=$vpc_id, vsys=$vsys, vsys_id=$vsys_id, vsys_name=$vsys_name, xff_ip=$xff_ip
4- committed the changes and then the system stopped sending logs via syslog aswell as the internal monitoring logs stops generating
5- attempted to revert changes but cannot commit as we get the error "Commit job was not queued. Client logrcvr not connected. All daemons are not available."
6- log into the cli and run debug software restart process log-receiver , which started the logrcvr .
7- attempted to commit again and the commit started but failed midway with error "
Partial changes to commit: changes to configuration by administrators: haitham
Changes to shared configuration
ID population failed
Client logrcvr requesting last config in the middle of a commit/validate. Aborting current commit/validate.
Commit failed
Local configuration size: 259 KB
Predefined configuration size: 17 MB
Merged configuration size(local, panorama pushed, predefined): 21 MB
Maximum recommended merged configuration size: 35 MB (60% configured)"
8- log to the cli again and run show system software status ane we get the result Process logrcvr stopped (pid: -1) - Exit Signal: SIGSEGV
9- attempted to restart it again but shuts down after few seconds
in short we cannot alter anything so we are stuck with the current config
