ACC is Not Accurate During Heavy Traffic Log Generation

Created On 09/26/18 13:55 PM - Last Modified 06/07/23 17:57 PM


Symptom


Under heavy traffic log generation (more than 100,000 logs per hour), the data presented for "Last Calendar Day" on the ACC (Application Control Center) can differ from results calculated from the traffic logs.

Environment


  • NGFW
  • Panorama


Cause


The information presented on the ACC comes from normal (every 15 minutes), hourly, daily, and weekly traffic summary data (trsum, hourlytrsum, dailytrsum and weeklytrsum). Each type of traffic summary data has a 100k-line limit. If "Last Calendar Day" is selected on the ACC, the data comes only from the daily traffic summary (dailytrsum). Under heavy traffic log generation, the 100k-line limit may be reached, and the information beyond that limit is not displayed on the ACC.

 



Resolution


To obtain more accurate results on the ACC, set a custom Time Range with a Start and End range of less than 1 day (24-hour period). The data appearing on the ACC may be more accurate, as the results are derived from hourlytrsum and also from trsum (for 15-min increments).
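A simplified model of the line limit described above, added here as an illustration (it is not PAN-OS code): it shows why a single capped daily summary under-reports while per-hour summaries with the same cap do not. The grouping key, the drop-when-full behavior and the sample traffic are assumptions made for the example.

```python
# Added illustration: a simplified model, not PAN-OS code.
ROW_LIMIT = 100_000      # per-summary line limit stated in the article
HOUR, DAY = 3_600, 86_400


def summarize(logs, bucket_seconds, row_limit=ROW_LIMIT):
    """Aggregate (timestamp, key, bytes) logs into capped summary buckets.

    Assumptions: one summary row per distinct key, and once a bucket holds
    row_limit rows any new key is dropped (existing rows keep accumulating).
    """
    buckets = {}
    for ts, key, nbytes in logs:
        rows = buckets.setdefault(ts // bucket_seconds, {})
        if key in rows:
            rows[key] += nbytes
        elif len(rows) < row_limit:
            rows[key] = nbytes
        # else: bucket is full, so this traffic never reaches the view
    return buckets


def total_bytes(buckets):
    """Sum the bytes that survived into the summary buckets."""
    return sum(sum(rows.values()) for rows in buckets.values())


def constructed_day(keys_per_hour=10_000, nbytes=1_000):
    """Constructed sample: 24 hours, each with keys_per_hour distinct keys."""
    return [(hour * HOUR + i % HOUR, (hour, i), nbytes)
            for hour in range(24) for i in range(keys_per_hour)]


if __name__ == "__main__":
    logs = constructed_day()
    actual = sum(n for _, _, n in logs)
    daily = total_bytes(summarize(logs, DAY))     # "Last Calendar Day" style
    hourly = total_bytes(summarize(logs, HOUR))   # custom range under 24 hours
    print(f"from logs:      {actual:>12,}")
    print(f"daily summary:  {daily:>12,} ({daily / actual:.0%} of actual)")
    print(f"hourly summary: {hourly:>12,} ({hourly / actual:.0%} of actual)")
```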


 

To show traffic summary on the CLI, use the following command:

> show log <value>

    where <value> is one of the following: trsum, hourlytrsum, dailytrsum, weeklytrsum

 

owner: kkondo


