Why is the User-ID server monitor log being logged every 10 mins in the system log?
4592
Created On 04/25/21 23:55 PM - Last Modified 09/23/21 19:40 PM
Question
Why is the User-ID server monitor log being logged every 10 mins in the system log?
Environment
- PANOS 8.1.x, 9.0x. 10.0.x
- Microsoft Active Directory as shown under the server monitoring configuration tab below:
Answer
-
2021/03/31 13:09:26 info userid connect 0 User-ID server monitor palo-monitor01(vsys1): connected to 10.x.x.21 2021/03/31 13:01:39 info userid connect 0 User-ID server monitor palo-monitor02(vsys1): connected to 10.x.x.22 2021/03/31 12:59:24 info userid connect 0 User-ID server monitor palo-monitor01(vsys1): connected to 10.x.x.21 2021/03/31 12:51:37 info userid connect 0 User-ID server monitor palo-monitor02(vsys1): connected to 10.x.x.22 2021/03/31 12:49:21 info userid connect 0 User-ID server monitor palo-monitor01(vsys1): connected to 10.x.x.21 2021/03/31 12:39:42 info userid connect 0 User-ID server monitor palo-monitor02(vsys1): connected to 10.x.x.22 2021/03/31 12:39:19 info userid connect 0 User-ID server monitor palo-monitor01(vsys1): connected to 10.x.x.21 2021/03/31 12:29:18 info userid connect 0 User-ID server monitor palo-monitor01(vsys1): connected to 10.x.x.21 2021/03/31 12:27:57 info userid connect 0 User-ID server monitor palo-monitor02(vsys1): connected to 10.x.x.22 2021/03/31 12:19:17 info userid connect 0 User-ID server monitor palo-monitor01(vsys1): connected to 10.x.x.21 2021/03/31 12:15:45 info userid connect 0 User-ID server monitor palo-monitor02(vsys1): connected to 10.x.x.22 2021/03/31 12:09:16 info userid connect 0 User-ID server monitor palo-monitor01(vsys1): connected to 10.x.x.21
- As can be seen the above logs are generated every 10 minutes (for each server in server monitor configuration). Those are expected/normal behavior, and can be ignored since those alerts are status checks on server connections which is periodic.