>
    Strata Copilot
    High System Log Messages
    Focus
    Download PDF
    Focus
    1. Home
    2. Next-Generation Firewall
    3. Monitoring
    4. Use Syslog for Monitoring
    5. Syslog Severity Reference
    6. High System Log Messages
    Download PDF
    Next-Generation Firewall

    High System Log Messages

    Table of Contents

    High System Log Messages

    E-Log

    Log Tags:
    auth
    Event IDMessage
    saml-certificate-errorThe certificate of SAML IdP entity Id "<name>" is not configured, but it is asked to validate it in IdP server profile "<name>"
    saml-certificate-errorFailed to get cert config on vsys <id>
    saml-certificate-errorFailed to find cert for <name> in vsys <id>
    saml-certificate-errorFailed to validate the signature in IdP certificate "<name>" of entity Id "<name>"
    saml-certificate-errorcan't build CredentialResolver for public key "<key>" of IdP entity id "<name>" in server profile "<profile>"
    saml-certificate-errorcan't tranform one line buffer for the public key "<key>" of IdP entity id "<id>" in server profile "<profile>"
    saml-certificate-errorUser "<name>" is extracted from SAML SSO response from IdP "<name>", which doesn't have a certificate configured in server profile "<profile>" of auth profile "<profile>"
    saml-certificate-errorRequest signing certificate (object name: <name>) in SAML auth profile "<name>" has expired
    saml-certificate-errorThe certificate (object name: <name>) of SAML IdP entity Id "<name>" in IdP server profile "<name>" has expired
    saml-certificate-errorIdP "<name>" doesn't have a certificate, while incoming SAML message has signature without X509Certificate
    saml-certificate-errorSAML Assertion IdP certificate "<name>" (used in server profile "<name>") <reason>
    saml-certificate-errorSAML no certificate profile is configured to check the revoke status of IdP cert "<name>" (in server profile "<name>")
    saml-certificate-errorNo IdP certificate is configured for IdP "<id>", no x509certificate in the incoming message, can't verify signature
    saml-certificate-errorSAML <type> failure for user '<name>' - IdP "<id>" certificate "<name>" for server profile "<name>" has expired
    saml-certificate-errorSAML <type> from IdP "<name>" (auth profile "<name>") is signed by unknown signer "<name>" and has been rejected
    saml-certificate-errorSAML <type> failure - Request signing certificate "<name>" for SAML auth profile "<name>" has expired
    saml-certificate-errorSAML simple sign the SAML message failed (signing certificate object: "<name>")
    saml-certificate-errorSAML sign the SAML message failed (signing certificate object: "<name>")
    saml-certificate-errorFailure while validating the signature of SAML message received from the IdP "<id>", because the certificate in the SAML Message doesn't match the IDP certificate configured on the IdP Server Profile "<profile>". (SP: "<type>"), (Client IP: <ip>), (vsys: <id>), (authd id: <id>), (user: <name>)
    saml-message-parse-errorSAML Assertion from '<name>' is malformed
    saml-message-parse-errorFailed to convert SAML message payload into xml tree
    saml-message-parse-errorSAML Assertion: InResponseToID "<id>" != OriginalReqID "<id>"
    saml-message-parse-errorSAML message from IdP "<name>" has no Assertion
    saml-message-parse-errorSAML SSO response from "<name>" has no usernameattribute and saml:Subject NameID field
    saml-message-parse-errorusername: entered "<name>" != returned "<name>" from IdP "<name>" -> reject SAML auth due to security concerns
    saml-message-parse-errorSAML SLO request message from '<name>' is malformed
    saml-message-parse-errorSAML message is not of V2.0
    saml-message-parse-errorSAML message has no IssueInstant
    saml-message-parse-errorSAML message from IdP "<id>" has no Issuer node
    saml-message-parse-errorSAML message from IdP "<id>" has empty Issuer node value
    saml-message-parse-errorSAML IdP entityID: parsed "<id>" != configured "<id>"
    saml-message-parse-errorSAML SLO request message has no signature, but validate-idp-certificate is enabled
    saml-message-parse-errorSAML message has no NameID
    saml-message-parse-errorSAML message has no SessionIndex
    saml-message-parse-errorSAML SLO response message from '<name>' is malformed
    saml-message-parse-errorSAML SLO: InResponseToID "<name>" != OriginalReqID "<id>"
    saml-message-parse-errorSAML SLO response status: received "<name>" != "urn:oasis:names:tc:SAML:2.0:status:Success"
    saml-message-parse-errorSAML SLO message has no Status
    saml-message-parse-errorSAML message is not of Version 2.0
    saml-message-parse-errorSAML message from IdP "<name>" has no NameID
    saml-message-parse-errorSAML message from IdP "<name>" SSO: InResponseToID "<id>" != OriginalReqID "<id>"
    saml-message-parse-errorSAML message from IdP "<name>" has no Subject
    saml-message-parse-errorSAML message from IdP "<name>"(server profile "<name>") was created in the future (not_before "<time>" - max_clock_skew <num> > now <time>)
    saml-message-parse-errorSAML message from IdP "<name>" (server profile "<name>") was expired already (not_on_or_after "<time>" + max_clock_skew <num> <= now <time>)
    saml-message-parse-errorSAML message from IdP "<name>" has no Conditions
    saml-message-parse-errorSAML message from IdP "<name>" has no AuthnInstant
    saml-message-parse-errorSAML message from IdP "<name>" has no SessionIndex
    saml-message-parse-errorSAML message from IdP "<name>" has no AuthnStatement
    saml-message-parse-errorSAML message from IdP "<name>": Error to extract AttributeStatement
    saml-message-parse-errorFailed to verify signature against certificate of IdP "<name>"
    saml-message-parse-errorFor user "<name>", SAML message has no Signature from IdP "<name>", whose certificate "<name>" is configured in server profile "<name>" of auth profile "<name>"
    saml-message-parse-errorSAML signature in message from IdP "<name>" can't be validated
    cas-message(profile id:<id>)<message>
    generalDevice cert is not available, to enable the cloud auth profile "<name>" on vsys "<name>"
    cas-token-invalidatedFailed to validate CAS token from client '<name>' from '<url>' with auth_session_id '<id>' and username '<name>'
    cas-certificate-warningExpired CAS certificate '<name>' in region '<name>'
    cas-certificate-warningExpired device certificate '<name>'
    cas-certificate-warningCAS certificate '<name>' in region '<name>' will expire in <num> day[s]
    cas-certificate-warningDevice certificate '<name>' will expire in <num> day[s]
    saml-certificate-warningSAML Assertion: signature is validated against IdP certificate (subject '<name>') for user '<name>'
    saml-certificate-warningCertificate '<name>' of IdP server profile '<name>' in SAML authentication profile '<name>' is expired
    saml-certificate-warningRequest signing certificate '<name>' in SAML authentication profile '<name>' is expired
    saml-certificate-warningCertificate '<name>' of IdP server profile '<name>' in SAML authentication profile '<name>' will expire in <num> day
    saml-certificate-warningRequest signing certificate '<name>' in SAML authentication profile '<name>' will expire in %d day%s
    cas-certificate-errorDevice certificate "<name>" was expired for <num> seconds
    bfd
    Event IDMessage
    admin-downBFD administrative down for BFD session <name> to neighbor <name> on interface <name>. Protocol: <proto>
    expired-timeBFD control detection time expired for BFD session <name> to neighbor <name> on interface <name>. Protocol: <name>
    neighbor-downBFD neighbor signaled session down for BFD session <name> to neighbor <name> on interface <name>. Protocol: <name>
    session-state-changeBFD state changed to <name> for BFD session <name> to neighbor <name> on interface <name>. Protocol: <name>
    admin-downBFD administrative down for BFD session <name> to neighbor <name> on interface <name>. Protocol: <name>
    admin-downBFD administrative down for BFD session <name> to neighbor <name> on interface <name>. Protocol: <name>
    admin-downBFD administrative down for BFD session <name> to neighbor <name> on interface <name>. Protocol: <name>
    clusterd
    Event IDMessage
    cluster-daemon-cfg-giveupCluster daemon is unable to get last cfg from cfgagent. Out of retries.
    cluster-other-ip-incompatiblePeer node IP is not compatible with current cluster interface IP
    dhcp
    Event IDMessage
    if-update-failDHCP <desc>: interface <name>, dhcp server: <name>
    if-update-failDHCP <name>: interface <name>, ip <ip> netmask <mask> dhcp server: <name>
    dns-security
    Event IDMessage
    PAN_ELOG_EVENT_DNSSEC_DNS_CLOUD_CONNECTION_NOHOSTDNS Security cloud service DNS resolution failed.
    PAN_ELOG_EVENT_DNSSEC_DNS_CLOUD_CONNECTION_NOROUTEDNS Security cloud service network connectivity failed.
    PAN_ELOG_EVENT_DNSSEC_DNS_CLOUD_CONNECTION_REFUSEDDNS Security cloud service connection refused.
    PAN_ELOG_EVENT_DNSSEC_DNS_CLOUD_DOWNDNS Security cloud service unavailable.
    dynamic-updates
    Event IDMessage
    palo-alto-networks-message<message>
    fips
    Event IDMessage
    fips-zeroizationFile zeroization error: <error>
    fips-zeroizationRam zeroization error
    general
    Event IDMessage
    generalError setting CURLOPT_WRITEDATA with fd = <id> (code: <id>; msg: <msg>)
    generalError retrieving CRL from "<name>" (code: <id>; msg: <msg>) (curl timeout setting: <num> sec)
    generalError loading CRL from "<name>"
    general
    generalFailed to parse CRL <name> (reason: <reason>)
    generalRequest made to the server "<url>" returned with HTTP response code : <id>
    generalRequest made to the server "<url>" returned with HTTP response code : <id>
    generalMachine Learning engine for <name> stopped, please update your content
    generalMLAV cloud error, all machine Learning engines stopped
    bootstrap-failureFailed to process registration from bootstrapped device <name>, since vm-auth-key not found in request.
    bootstrap-failureFailed to process registration from bootstrapped device <name>, since vm-auth-key <name> is invalid.
    tac-loginTAC debug access failed for <name> from <ip>
    globalprotect
    Event IDMessage
    globalprotectgateway-invalid-licenseGlobalProtect Subscription License has expired. Please activate the license by logging into Customer Support Portal to continue using GlobalProtect features.
    hw
    Event IDMessage
    bootstrap-license-failureFailed to install license using authcode <id>
    slot-unsupportedSlot <id> (<model>) will not be utilized when the Session Distribution Policy is set to ingress-slot. The session distribution policy must be set to some value other than ingress-slot.
    bootstrap-license-failureFailed to install license key for file <name>
    bootstrap-license-failureFailed to install license using authcode <name>
    bootstrap-content-failureInvalid iot image. Failed to get major version, minor version, and digest for file <name>
    bootstrap-content-failureInvalid image. Failed to get major version, minor version, and digest for file <name>
    bootstrap-content-failureInvalid image. Failed to get major version, minor version, and digest for file <name>
    bootstrap-content-failureInvalid image. Failed to get major version, minor version, and digest for file <name>
    bootstrap-content-failureFailed to schedule content install job for file <name>
    bootstrap-content-failureContent cannot be installed. <error>
    iot
    Event IDMessage
    ha-queue-fullHA queue is full
    ipv6nd
    Event IDMessage
    inconsistent-ra-message-receivedAn inconsistent router advertisement was received from address <ip> on interface <name>.
    lldp
    Event IDMessage
    tooManyNeighbors timer clearedTooManyNeighbors error cleared for <xx>:<xx>:<xx>:<xx>:<xx>:<xx> on interface <index>
    tx errorReceive error for <xx>:<xx>:<xx>:<xx>:<xx>:<xx> on interface <index> for TLV <index>
    rx errorReceive error for <xx>:<xx>:<xx>:<xx>:<xx>:<xx> on interface <index> for TLV <index>
    too many neighborsMax MIB size reached: LLDP neighbor addition failed for <xx>:<xx>:<xx>:<xx>:<xx>:<xx> on interface <index>
    port
    Event IDMessage
    link-changePort MGT: Down <type>
    resctrl
    Event IDMessage
    mem-limit-exceededMemory lmt exceeds. cgroup_name <name> memsw_limit_in_bytes <num> memsw_usage_in_bytes <num>
    routing
    Event IDMessage
    routed-BGP-peer-left-establishedBGP peer session left established state. peer name: <name>, peer IP: <ip>.
    routed-BGP-peer-restartedInitiated graceful-restart with a BGP peer. peer name: <name>, peer IP: <ip>.
    routed-BGP-peer-prefix-exceededBGP peer advertised more than maximum allowed prefixes. peer name: <name>, peer IP: <ip>.
    route-table-capacityRoute table capacity reached.
    routed-BGP-peer-left-establishedBGP peer session left established state.
    routed-OSPF-neighbor-downOSPF adjacency with neighbor has gone down.
    routed-RIP-peer-delRIP peer disappeared.
    tls
    Event IDMessage
    tls-X509-validation-failed<name> Server certificate validation failed. Dest Addr: <address>, Reason: <reason>
    tls-X509-validation-failed<name> server certificate authentication failed
    url-filtering
    Event IDMessage
    url-download-failurePAN-DB cloud list loading failed (ERROR:<error>).
    url-download-failureFailed to download the cloud list from the master cloud.
    url-cloud-connection-failureURL cloud list is empty. "Cannot initiate cloud connection.
    url-cloud-connection-failureCould not open file /opt/pancfg/opt/pan/content/pan/urlcloud_list.txt. errno=<error>.
    url-cloud-connection-failureFailed to send update request to the cloud
    url-cloud-connection-failureCloud is not ready Free <num> requests without processing.
    url-cloud-connection-failureCloud is not ready, There was no update from the cloud in the last <num> minutes.
    url-cloud-connection-failureCLOUD CONNECTION: cloud not OK
    update-version-failureFailed to update DP, update version <name>.
    update-version-failureFailed to update version <version>.
    update-version-failureFailed to update version <version>.
    update-version-failureFailed to update version <version>.
    update-version-failureFailed to update version <version>.
    seed-out-of-syncPAN-DB sw <version> is not compatible with the cloud sw <version> Upgrade sw is required!!!
    url-cloud-connection-failureFailed to create the Cloud Connection Agent.
    userid
    Event IDMessage
    connect-agent-failureUser-ID Agent peer's certificate RSA public key size is less than 2048 bits
    connect-agent-failureUser-ID Agent X509_verify_cert returned error <id>, error = '<error>'
    connect-agent-failureUser-ID Agent server cert revoked/invalid
    connect-agent-failureUser-ID Agent cert name validation failed
    connect-agent-failureRedistribution Agent <name>(vsys<id>): <status> details: close connection to agent
    user-group-countUser Group count of <num> exceeds threshold of <num>
    connect-vm-info-source-failurevm-info-source <name>(vsys<id>): failed to connected to <host>, status <message>
    connect-agent-failure<agent> <name>(vsys<id>): <status> details: <details>
    HA-queue-fullHA queue is full
    HA-queue-fullCFG HA queue is full
    connect-agent-failureUser-ID Agent peer's certificate RSA public key size is less than 2048 bits
    connect-agent-failureUser-ID Agent X509_verify_cert returned error <num> error = '<error>'
    connect-agent-failureUser-ID Agent cert name validation failed
    connect-agent-failureUser-ID Agent server cert revoked/invalid
    connect-agent-failureUser-ID Agent peer's certificate RSA public key size is less than 2048 bits
    connect-agent-failureUser-ID Agent X509_verify_cert returned error <num> error = '<error>'
    connect-agent-failureUser-ID Agent cert name validation failed
    connect-agent-failureUser-ID Agent server cert revoked/invalid
    connect-agent-failureUser-ID Agent server cert revoked/invalid
    connect-agent-failureUser-ID Agent peer's certificate RSA public key size is less than 2048 bits
    connect-agent-failureUser-ID Agent X509_verify_cert returned error <num>, error = '<error>'
    connect-agent-failureUser-ID Agent cert name validation failed
    connect-server-monitor-failureUser-ID server monitor <name>(vsys<id>) <status>
    connect-server-monitorUser-ID WinRM server monitor <name>(vsys<id>): certificate RSA public key size is less than 2048 bits
    connect-server-monitorUser-ID WinRM X509_verify_cert returned error <num> error = '<error>'
    connect-server-monitorUser-ID WinRM cert name validation failed
    connect-server-monitorUser-ID WinRM server cert revoked/invalid
    connect-server-monitor-failureServer monitor <name>(vsys<id>): connection failed, <error>
    connect-vm-info-source-failurevm-info-source <name>(vsys<id>): failed to connected to <host>, status <status>
    connect-vm-info-source-failurevm-info-source <name>(vsys<id>): failed to connected to <host>, status <status>
    connect-vm-info-source-failurevm-info-source <name>(vsys<id>): failed to connected to GCE, status <status>
    connect-vm-info-source-failurevm-info-source <name>(vsys<id>): failed to connected to <host>, status <status>
    wildfire
    Event IDMessage
    wildfire-auth-failedWildFire failed to retrieve verdict.Authentication or Client Certificate failure.
    wildfire-auth-failedWildFire failed to send query.Authentication or Client Certificate failure.
    wildfire-disabled-by-cloudWildFire failed to send query.Client Certificate has expired or is not yet valid.
    wildfire-auth-failedWildFire failed to send query."Authentication or Client Certificate failure.
    wildfire-invalid-cloud-infoWildFire <name> channel registration received invalid cloud info. Details in varrcvr.log.
    wildfire-no-licenseWildFire <name> channel registration failed due to invalid WildFire license.
    wildfire-wrong-cloud-typeWildFire registration failed. Cloud type <type> (<name>) is not allowed for <name> channel.
    wildfire-auth-failedWildFire registration failed.Authentication or Client Certificate failure.
    wildfire-auth-failedWildFire registration failed.Mismatched Serial number in certificate and payload.
    wildfire-no-policyWildFire <name> channel disabled. "Invalid <name> Cloud server configuration '<name>'.

    Slog

    • GRPC status DEADLINE_EXCEEDED in intelligent offload
    • Inserted 100G QSFP28 module "(Vendor '<name>';Part '<name>';id '<id>') is not supported on 40G (port <num>) of PA-5220.
    • No valid dataplane ports found at startup.
    • Failed to install SSL Inbound Certificate(s) in Data Plane.
    • Memory error detected.
    • <name>Drive error detected.
    • Not enough space to load content to SHM
    • device-server HA queue is full
    • GlobalProtect data file version <version> failed to install version
    • Number of hints on disk has exceeded <num> due to log forward failures.
    • Created CSR Cert '<name>'
    • Delete Cert '<name>'
    • Created CA Cert '<name>'
    • Signed Cert '<name>' for device '<name>'
    • Signed Renewal Cert '<name>' for device '<name>'
    • SC3 Device certificate state has been reset!
    • Attempted to fix partition <name>. If any problems are encounted, it is advisable to update this partition
    • Daily packet capture limit (directory <name> limit <num>) has been reached.
    • Unable to get instance/domains for region
    • Unable to get attributes for region:%s instance:%s
    • Unable to get all regions
    • dsc HA state is changed from %d to %d
    • DPI: EAL message format is changed to Json[prev: %d]
    • DPI: EAL message format is changed to protobuf[prev: %d]

    © 2026 Palo Alto Networks, Inc. All rights reserved.