During Evaluation of Palo Alto Networks Firewall, Disable Log-suppression/Bypass-exceed-oo-queue for Full Logging
Resolution
Overview
The Palo Alto Networks firewall reduces logging related to traffic, threats, and data filtering to enhance performance and efficiency. During a firewall evaluation, it may be necessary to disable log suppression so that complete logs are generated for testing purposes.
Details
Temporarily disabling log-suppression
> set system setting logging log-suppression no
Log suppression is disabled
Disabling log-suppression in running-config
# set deviceconfig setting logging log-suppression no
[edit]
# commit
Setting bypass-exceed-oo-queue to no in running-config
# set deviceconfig setting tcp bypass-exceed-oo-queue no
[edit]
# commit
To check the current setting of log-suppression/bypass-exceed-oo-queue, use the following CLI commands:
> show system setting logging
logging rate: 50000 cnt/s
packet logging rate: 2560 KB/s
Traffic log generation rate: 0 cnt/s
Threat log generation rate: 0 cnt/s
Log sent rate: 50000 cnt/s
Current traffic log count: 0
Current threat log count: 0
Random traffic log drop: off
Log suppression: off
default-policy-logging: off
> show running tcp state
session with asymmetric path : drop packet
Bypass if OO queue limit is reached : no
Favor new seg data : no
Urgent data : clear
Check Timestamp option : no
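A check for the two values shown above, as an added example that is not part of the original article: it parses pasted output of both show commands and reports any setting that differs from what this page configures, including a setting whose line is missing. The function names and the second sample are constructed for illustration.

```python
# Added example: verify the evaluation settings from pasted PAN-OS CLI output.

# Values this page configures, keyed by the label each show command prints.
EXPECTED = {
    "Log suppression": "off",                      # show system setting logging
    "Bypass if OO queue limit is reached": "no",   # show running tcp state
}

# Output of the two show commands as printed on this page (abridged).
PAGE_OUTPUT = """\
> show system setting logging
logging rate: 50000 cnt/s
Log sent rate: 50000 cnt/s
Random traffic log drop: off
Log suppression: off
> show running tcp state
session with asymmetric path : drop packet
Bypass if OO queue limit is reached : no
"""

# Constructed sample: the same output with log suppression still enabled.
SUPPRESSED_OUTPUT = PAGE_OUTPUT.replace("Log suppression: off", "Log suppression: on")


def parse_show_output(text):
    """Map each 'label : value' line to label -> value, skipping echoed commands."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((">", "#")):
            continue
        label, sep, value = line.partition(":")
        if sep:
            settings[label.strip()] = value.strip()
    return settings


def evaluation_findings(text, expected=EXPECTED):
    """Return (label, found, wanted) for each setting that is wrong or missing."""
    settings = parse_show_output(text)
    findings = []
    for label, wanted in expected.items():
        found = settings.get(label)  # None when the command output was not pasted
        if found is None or found.lower() != wanted:
            findings.append((label, found, wanted))
    return findings


if __name__ == "__main__":
    for sample in (PAGE_OUTPUT, SUPPRESSED_OUTPUT):
        print(evaluation_findings(sample) or "settings match the evaluation configuration")
```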
See Also
For the log-suppression function, see How Log Suppression Works.
For bypass-exceed-oo-queue, see the "tcp_exceed_flow_oo_seg_limit" section of Palo Alto Networks TCP Settings and Counters.
owner: kkondo