Log forwarding to Syslog servers stops if a TCP Syslog server becomes unresponsive when multiple syslog servers are configured.

Log forwarding to Syslog servers stops if a TCP Syslog server becomes unresponsive when multiple syslog servers are configured.

7230
Created On 11/20/24 07:04 AM - Last Modified 07/09/25 18:56 PM


Symptom


This is the issue in environments where multiple Syslog servers are configured with both of UDP and TCP.
If the TCP Syslog server becomes unresponsive, Syslog messages are not forwarded to other servers also.

Syslog Server Profile configuration

Environment


  • Palo Alto Firewalls
  • PAN-OS 11.1, 11.2
  • Log forwarding to Syslog server

Cause


Software Issue.

Resolution


  1. The issue is resolved under PAN-264102 in PAN-OS 11.1.6-h1 and 11.2.5 and above.
  2. This fix will also be applied in the future versions (11.1.7/11.2.6 and above).
  3. As a workaround, Remove the unresponsive TCP Syslog server from the Syslog profile.

 

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000TpLkCAK&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language