What information is displayed when using the command "debug log-receiver rawlog_fwd show hints-stats"?

• PA-Series Next-Generation Firewall
• PAN-OS 10.2

1. The "Number of hints on disk" increases when log transfer is delayed or fails for some reason and the log information that could not be transferred is cached for retransmission.
2. If the retransmission is successful, the "Number of hints on disk" will decrease and the "Number of hints acked" will increase.
3. When the maximum number of hints is exceeded, the "Number of hints purged" is incremented, the cache is purged, and logs related to that cache are not forwarded.
4. These will delete only 64 Hints at a time.
5. If the maximum value is exceeded, the message “Number of hints on disk has exceeded XXXX due to log forward failures.” is seen in the system log.

• The maximum number of hints can be checked using the command below.

admin@PA-VM1> debug log-receiver rawlog_fwd show hints-max

Max number of hints      :          20000

• The values can be changed using the command below. Restart the log receiver after these changes.

admin@PA-VM1> debug log-receiver rawlog_fwd set hints-max
  <value>  <0-20000> Max number of hints

• The example below shows that 81 caches are still on disk and 29 caches have been resubmitted. And it shows that 64 caches were deleted without being transferred.

admin@PA-VM1> debug log-receiver rawlog_fwd show hints-stats

Hints statistics
Number of hints on disk     :          81
Number of hints acked       :          29
Number of hints corrupted   :           0
Number of hints purged      :          64