无法查看 Panorama 上的日志 | vld-xx.log:压缩阻止内容已损坏
3230
Created On 10/11/23 10:22 AM - Last Modified 01/07/25 03:20 AM
Symptom
- 全景图中不显示日志
- debug log-collector log-collection-stats show coming-logs显示 0传入日志率
- 日志未按照 vld-0-0.log [ ES_INGEST ERR]进行提取:
2023-09-12 01:30:14.485 -0700 Error: _index_get(pan_index_leveldb_wrapper.cpp:1191): Error getting key from idx db. Error: Corruption: corrupted compressed block contents
2023-09-12 01:30:14.485 -0700 Error: pan_leveldb_index_get(pan_index_leveldb_wrapper.cpp:1229): Error getting key from idx db
2023-09-12 01:30:14.485 -0700 Error: _segdb_get(vld_quota.c:117): Error getting value for db_info_idx:0, timeb:1694505600 for segnum:158 for vld:vld-0-0
2023-09-12 01:30:14.485 -0700 Error: _segdb_val_get(vld_quota.c:142): Error getting value for db_info_idx:0, timeb:1694505600 for segnum:158 for vld:vld-0-0
2023-09-12 01:30:14.485 -0700 Error: _update_segdb(vld_quota.c:1045): Error getting the segdb val for timeb:1694505600 segnum:158 for vld:vld-0-0
2023-09-12 01:30:14.485 -0700 Error: vld_quota_handle_stat_notify(vld_quota.c:5026): Error while updating the quota of timeb:1694505600 in segnum:158 type:traffic for vld:vld-0-0
2023-09-12 01:30:16.339 -0700 ESRA app(0x55fd82911b00) fd(552, 1, 0) WRITING bytes(8713515), rec(4762) type(0) indexname(pan_20230912_68_traffic_000710000817-0)
2023-09-12 01:30:17.266 -0700 ESRA app(0x55fd82911b00) fd(552, 8, 826033) Sent bytes (8713515) successfully
2023-09-12 01:30:19.337 -0700 Error: http_put_clnt(es_rest_api.c:785): ESRA app(0x55fd2fcced00) fd(553, 4, 0) resp(6307857, 4904, 1) ES_INGEST ERR (reason = "failed to parse field [characteristic-of-app] of type [integer] in document with id 'AYqIgzNk1JFc37GbEITc'")
Environment
- PAN-OS-10.1.10-hx
- 全景
Cause
- 由于元数据损坏,日志未被正确清除,从而导致提取问题。
Resolution
重新生成元数据
在 Panorama 上重新生成元数据时是否会丢失日志