防火墙未将日志发送到 syslog,Syslog-ng 日志显示“解析主机名时出错”

防火墙未将日志发送到 syslog,Syslog-ng 日志显示“解析主机名时出错”

5609
Created On 11/30/23 08:31 AM - Last Modified 12/19/23 05:19 AM


Symptom


  • Syslog 未从防火墙接收日志
  • Syslog-ng 日志显示“解析主机名时出错”:
Nov 27 06:27:07 FWPA1 syslog-ng[24640]: Error resolving hostname; host='splunk-syslog-ghcc.splunk.example.com'
Nov 27 06:27:07 FWPA1 syslog-ng[24640]: Initiating connection failed, reconnecting; time_reopen='5'
  • dnsproxy.log 显示系统日志主机名的“无法解析域名”:
2023-11-29 10:48:19.383 +0000 Warning:  pan_dnsproxy_log_resolve_fail(pan_dnsproxy_util.c:651): Failed to resolve domain name:splunk-syslog-ghcc.splunk.example.com AAAA after trying all attempts to name server(s): 10.250.0.1  10.250.0.2
  • Ping 到主机名工作正常:
user@FWPA1> ping host splunk-syslog-ghcc.splunk.example.com
PING splunk-syslog-ghcc.splunk.glblint.example.com (10.240.72.88) 56(84) bytes of data.
64 bytes from splunk-syslog-ghcc.splunk.glblint.example.com (10.240.72.88): icmp_seq=1 ttl=252 time=30.0 ms

 

Environment


  • 所有平台
  • PANOS 9.1、10.1.9 或之前版本、10.2.4 或之前版本

Cause


  • 由软件问题 PAN-208210 引起,其中未在不重新启动管理服务器的情况下应用对 IP 地址或端口号的 syslog 配置更改。

Resolution


  1. 升级到 10.1.10 或更高版本、10.2.5 或更高版本、11.0.1 或更高版本
注意:
当前可用的解决方法是重新启动管理服务器,预计不会对数据平面产生任何影响:
>调试软件重新启动进程管理服务器

Additional Information


https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-release-notes/pan-os-10-1-10-known-and-addressed-issues/pan-os-10-1-10-addressed-issues
 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008W3bCAE&lang=zh_CN&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language