Email "Alert | Cortex Data lake Log Forwarding - Syslog server disconnected at" yyyy-mm-dd

Email "Alert | Cortex Data lake Log Forwarding - Syslog server disconnected at" yyyy-mm-dd

2287

Created On 07/14/22 01:08 AM - Last Modified 11/02/23 01:03 AM

Syslog

Cortex

Cortex Data Lake

Log Forwarding app

Symptom

Syslog server configured to receive logs from CDL is not able to receive any logs
On the HUB, the log rate is seen as 0

 HUB > CDL > Dashboard > "Forwarding Log rate" = 0.

Alerts are received from "noreply@cs.paloaltonetworks.com" as

Subject : Alert | Cortex Data lake Log Forwarding - Syslog server disconnected at yyyy-mm-dd

"Test Connection" is displaying Success (green): HUB > CDL > Log Forwarding > Test Connection

Environment

Cortex Data Lake
Log Forwarding to (internal/external) Syslog Server

Cause

Backend Issue.

Resolution

Make a temporary change to one of the log forwarding profiles
Remove the change and save the profile.
This will re-trigger the log profile to start sending logs.
If the issue is still unresolved, open a case with Support.