Traffic, Threat and URL filtering logs are not displayed on the Firewall.
Created On 05/01/19 03:02 AM - Last Modified 03/20/25 03:21 AM
Symptom
URL Filtering, Threat and Traffic logs are not visible on the firewall.
Environment
- Firewall platform
- Supported PAN-OS releases
- Logging
- Netflow enabled
Cause
- NetFlow is enabled on the interface.
- PAN-OS logs experience a significant delay before they are displayed if NetFlow is enabled on an interface. This information is documented under PAN-215869.
- The global counters (show counter global) display the traffic loss count.
Traffic log counters:
log_traffic_loss_cnt Number of traffic logs that are lost
log_traffic_loss_queue_full Number of traffic logs that are lost due to next queue is full
Threat logs global counters:
log_threat_queue_full Number of threat log queues that is full
log_threat_loss_cnt Number of threat logs that are lost
Resolution
To resolve this issue, reduce the logging rate. There are several ways to do this:
Option 1:
- Reduce the amount of NetFlow traffic pulled from the NetFlow collector to allow the firewall to recover.
- This action will decrease the amount of NetFlow logs.
Option 2:
- Reduce the amount of traffic the firewall needs to categorize for URL filtering. This can be done by changing the alert setting which generates logs.
- This action will decrease the amount of Threat logs.
Option 3:
- Turn off "Log at Session Start" from security policies.
- This action will decrease the amount of Traffic logs.
- Refer to the article Session Log Best Practices for more information.
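To check whether log loss is still occurring after applying one of the options above, two saved captures of `show counter global` can be compared for growth in the loss counters listed under Cause. The script below is an added example, not Palo Alto Networks code; the sample captures are constructed, and the column layout (counter name first, value second) and the helper names are assumptions.

```python
import re

# Counter names taken from the Cause section of this article.
LOSS_COUNTERS = (
    "log_traffic_loss_cnt",
    "log_traffic_loss_queue_full",
    "log_threat_queue_full",
    "log_threat_loss_cnt",
)

# Constructed sample captures; all values and the column layout are illustrative.
BEFORE = """\
name                         value rate severity category aspect description
log_traffic_loss_cnt          1200    4 warn     log      system Number of traffic logs that are lost
log_traffic_loss_queue_full   1180    4 warn     log      system Number of traffic logs that are lost due to next queue is full
log_threat_loss_cnt             35    0 warn     log      system Number of threat logs that are lost
"""
AFTER = """\
name                         value rate severity category aspect description
log_traffic_loss_cnt          1200    0 warn     log      system Number of traffic logs that are lost
log_traffic_loss_queue_full   1180    0 warn     log      system Number of traffic logs that are lost due to next queue is full
log_threat_queue_full           12    1 warn     log      system Number of threat log queues that is full
log_threat_loss_cnt             90    2 warn     log      system Number of threat logs that are lost
"""

def parse_counters(cli_text):
    """Return {name: value} for the log-loss counters present in a capture."""
    found = {}
    for line in cli_text.splitlines():
        m = re.match(r"\s*(\S+)\s+(\d+)\b", line)  # header line has no numeric value
        if m and m.group(1) in LOSS_COUNTERS:
            found[m.group(1)] = int(m.group(2))
    return found

def loss_growth(before_text, after_text):
    """Return {name: increase} for loss counters that grew between two captures."""
    before, after = parse_counters(before_text), parse_counters(after_text)
    growth = {}
    for name, value in after.items():
        prev = before.get(name, 0)  # assumption: a counter absent from a capture is 0
        # A value lower than the earlier one means the counter was reset in between.
        delta = value - prev if value >= prev else value
        if delta > 0:
            growth[name] = delta
    return growth

if __name__ == "__main__":
    print(loss_growth(BEFORE, AFTER))
```

An empty result means none of the four counters increased between the captures; any entry names a log type that is still being dropped.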