Existing syslog servers in Cortex Data Lake changes to 'provisioning' state temporarily when adding a new syslog server.

Existing syslog servers in Cortex Data Lake changes to 'provisioning' state temporarily when adding a new syslog server.

192
Created On 03/02/22 00:38 AM - Last Modified 10/27/25 16:45 PM


Symptom


  • New Syslog Server being added to Cortex Data Lake
  • Existing syslog servers in Cortex Data Lake changes the state to 'provisioning' state temporarily.
  • After a while, they go back to the 'normal state.

Environment


  • Cortex Data Lake (CDL)
  • Syslog Server

Cause


  • The syslog config changes are mapped into one job in the backend.
  • So the existing configs are affected when adding a new syslog server.
  • This is the current expected behavior.

Resolution


  1. The logs are resent in the normal state, No logs are lost during this process.
  2. This behavior is as expected.

Additional Information


Syslog configs will be on one dataflow job.

Additionally, https configs and email configs will be on another data flow job. 
The existing configs are also affected when adding the new https or email configs.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004NOjCAM&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail