Difference between "Generate time" and "Receive time" in Panorama logs

Difference between "Generate time" and "Receive time" in Panorama logs

7863
Created On 05/19/21 06:28 AM - Last Modified 04/18/23 03:44 AM


Symptom


  • When checking the log on Panorama, the Generate Time is completely off compared to Receive time.
User-added image
 
  • These logs are coming from either managed firewalls or peer Panorama in HA.
  • Issue is intermittent.

Environment


  • Any Panorama with managed Firewall
  • Supported PAN-OS.
  • Log Forwarding configured.

Cause


  • One of the reasons for such difference is due to a reboot/crash on the Firewall
  • If crash timestamps correlate with Receive Time for which Generate Time is off/incorrect, then the issue is occurring due to the crashes.
Note: On Panorama, the Generated Time is populated by the firewall’s logrcvr or logd on peer Panorama / Dedicated Log Collector (DLC) and  Receive Time is populated by logd on Panorama/DLC.

Resolution


Resolve crashes on managed firewall or peer Panorama.

Note: Other reasons for such difference is the loss of connectivity between Panorama and Firewalls due to network issues.

Additional Information


Refer also: Timestamps in Logs
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001VPhCAM&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language