This document explains the commands used to verify statistics for logs forwarded or dropped on the firewall, for PAN-OS 6.0 and newer.
1. The command debug syslog-ng stats shows the forwarded-log and drop counters for the syslog server:
> debug syslog-ng stats
SourceName;SourceId;SourceInstance;State;Type;Number
destination;d_logsecure;;a;processed;1632
global;payload_reallocs;;a;processed;3140
source;src_traffic;;a;processed;590
source;src_hipmatch;;a;processed;0
source;s_local;;a;processed;1632
global;msg_clones;;a;processed;1490
src.internal;s_local#0;;a;processed;1632
src.internal;s_local#0;;a;stamp;1405463177
destination;dstdevnull;;a;processed;0
destination;dst10;;a;processed;780
global;sdata_updates;;a;processed;0
source;src_system;;a;processed;25
source;src_threat;;a;processed;165
center;;received;a;processed;0
center;;queued;a;processed;0
dst.tcp;dst10#0;10.66.22.247:514;a;dropped;0 <== check for drop counters.
dst.tcp;dst10#0;10.66.22.247:514;a;processed;774
dst.tcp;dst10#0;10.66.22.247:514;a;stored;0
source;src_config;;a;processed;0
From PAN-OS 6.0 onward, the debug log-receiver statistics command displays external log forwarding statistics, as shown in the output below.
> debug log-receiver statistics
Logging statistics
------------------------------ -----------
Log incoming rate: 1/sec
Log written rate: 1/sec
Corrupted packets: 0
Corrupted URL packets: 0
Logs discarded (queue full): 0
Traffic logs written: 529324
URL logs written: 9233
Wildfire logs written: 0
Anti-virus logs written: 1
Spyware logs written: 0
Attack logs written: 0
Vulnerability logs written: 8
Fileext logs written: 72
URL cache age out count: 2123
URL cache full count: 0
URL cache key exist count: 0
Traffic alarms dropped due to sysd write failures: 0
Traffic alarms dropped due to global rate limiting: 0
Traffic alarms dropped due to each source rate limiting: 0
Traffic alarms generated count: 0
Log Forward count: 0
Log Forward discarded (queue full) count: 0
Log Forward discarded (send error) count: 0

Summary Statistics:
Num current drop entries in trsum:0
Num cumulative drop entries in trsum:0
Num current drop entries in thsum:0
Num cumulative drop entries in thsum:0

External Forwarding stats:
Type     Enqueue Count  Send Count  Drop Count  Queue Depth  Send Rate(last 1min)
syslog   346722         346722      0           0            0
snmp     0              0           0           0            0
email    0              0           0           0            0
raw      346735         346735      0           0            0
The syslog connections, and the logs processed and forwarded to the syslog server, can be checked in the syslog-ng.log process log with the following command:
> tail follow yes mp-log syslog-ng.log
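To check these counters over saved CLI output rather than by eye, the following added example (not part of the original article and not vendor code) parses the output of both statistics commands and reports any non-zero drop counter. The function names are hypothetical, and the sample text is constructed from the output above with drop values changed to show a failing case.

```python
import csv
import io

# Constructed sample: a subset of the `debug syslog-ng stats` output shown above,
# with the dropped counter for dst10#0 changed to 12 to show a failing case.
SYSLOG_NG_STATS = """\
SourceName;SourceId;SourceInstance;State;Type;Number
destination;dst10;;a;processed;780
source;src_traffic;;a;processed;590
dst.tcp;dst10#0;10.66.22.247:514;a;dropped;12
dst.tcp;dst10#0;10.66.22.247:514;a;processed;774
dst.tcp;dst10#0;10.66.22.247:514;a;stored;0
"""

# Constructed sample: the External Forwarding table with a non-zero syslog drop count.
EXTERNAL_FORWARDING = """\
Type Enqueue Count Send Count Drop Count Queue Depth Send Rate(last 1min)
syslog 346722 346710 12 0 0
snmp 0 0 0 0 0
email 0 0 0 0 0
raw 346735 346735 0 0 0
"""

def syslog_ng_counters(text):
    """Return {(SourceId, SourceInstance): {Type: Number}} for each stats row."""
    counters = {}
    for row in csv.DictReader(io.StringIO(text), delimiter=";"):
        key = (row["SourceId"], row["SourceInstance"])
        counters.setdefault(key, {})[row["Type"]] = int(row["Number"])
    return counters

def syslog_ng_drops(text):
    """Return the entries whose 'dropped' counter is non-zero."""
    return {k: v["dropped"] for k, v in syslog_ng_counters(text).items()
            if v.get("dropped", 0) > 0}

def forwarding_drops(text):
    """Parse the External Forwarding table; return {type: drop count} where > 0."""
    drops = {}
    for line in text.splitlines()[1:]:                 # skip the header row
        fields = line.split()
        if len(fields) == 6 and int(fields[3]) > 0:    # fields[3] is Drop Count
            drops[fields[0]] = int(fields[3])
    return drops

if __name__ == "__main__":
    print("syslog-ng drops:", syslog_ng_drops(SYSLOG_NG_STATS))
    print("log-receiver drops:", forwarding_drops(EXTERNAL_FORWARDING))
```

An empty result from both functions means no drops were recorded; comparing the processed and dropped counters between two captures shows whether drops are still accumulating.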