Reduced Log Forwarding Detected
Next-Generation Firewall

Incident Code
INC_NGFW_REDUCED_LOG_FORWARDING
Severity
Warning
Category
Network Services
Subcategory
Logging
Description
This alert triggers when the NGFW's log-receiver fills up, causing it to drop logs. This issue can stem from several factors, including:
• A network connectivity problem to an external logging service (like a Log collector, syslog, SNMP, email server).
• An issue with the external logging service itself, such as it being offline or unable to process incoming logs.
• A resource constraint on the NGFW or the external logging service, such as high CPU or memory utilization.
When this occurs, a significant portion of the NGFW's log data isn't forwarded to its intended destination.
Raise Condition
When logs fail to be forwarded to their respective destinations for 1 hour
Clear Condition
When logs are being forwarded and there is no delay or loss in log forwarding for at least 4 hours
Probable Root Cause Incident
"INC_NGFW_DISK_HINT_OVERFLOW_LOG_FWD_FAIL",
"INC_NGFW_FSM_INIT_FAILED",
"INC_NGFW_LOG_FORWARDING_DISABLED_DUE_TO_SNMP_SERVER_UNRESOLVED_HOSTNAME",
"INC_NGFW_LOG_FWD_DELAY",
"INC_NGFW_LOG_FWD_MISSING_COLLECTOR_PREF",
"INC_NGFW_PANORAMA_SYSLOG_OVER_TLS_FAILED",
"INC_NGFW_TCP_CONN_SYSLOG",
"INC_NGFW_TCP_SYSLOG_SERVER_UNREACHABLE",
"INC_NGFW_OUT_OF_SYNC_LOG_COLLECTOR",
"INC_NGFW_SYSLOG_CONNECTION_FAILED_NAME_OR_SERVICE_NOT_KNOWN"
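
The raise and clear conditions above are asymmetric (1 hour of failed forwarding to raise, 4 hours without delay or loss to clear), so a short outage never alerts and a short recovery never clears. The Python below is an added example, not vendor code, that applies those two thresholds to forwarding-health samples; the sample format, the 10-minute sampling interval, measuring a streak from its first sample, and the function names are assumptions.

```python
from datetime import datetime, timedelta

RAISE_AFTER = timedelta(hours=1)   # page: raise after 1 hour of failed forwarding
CLEAR_AFTER = timedelta(hours=4)   # page: clear after 4 hours with no delay or loss


def evaluate(samples):
    """Return [(timestamp, "RAISE" | "CLEAR")] for ordered (timestamp, healthy) samples."""
    events, raised = [], False
    streak_state = streak_start = None   # health value and start of the current streak
    for ts, healthy in samples:
        if healthy != streak_state:      # state flipped: restart the streak timer
            streak_state, streak_start = healthy, ts
        duration = ts - streak_start
        if not raised and not healthy and duration >= RAISE_AFTER:
            raised = True
            events.append((ts, "RAISE"))
        elif raised and healthy and duration >= CLEAR_AFTER:
            raised = False
            events.append((ts, "CLEAR"))
    return events


def constructed_samples():
    """Constructed 10-minute health samples (assumed format, not real firewall telemetry)."""
    t0 = datetime(2024, 1, 1, 0, 0)
    phases = [                 # (minutes, healthy?)
        (60, True),            # normal forwarding
        (30, False),           # short outage: under 1 hour, no alert
        (60, True),
        (90, False),           # sustained outage: alert raises 1 hour in
        (120, True),           # 2-hour recovery: too short to clear
        (20, False),           # relapse resets the clear timer
        (300, True),           # 5 healthy hours: alert clears 4 hours in
    ]
    samples, ts = [], t0
    for minutes, healthy in phases:
        for _ in range(minutes // 10):
            samples.append((ts, healthy))
            ts += timedelta(minutes=10)
    return samples


if __name__ == "__main__":
    for ts, event in evaluate(constructed_samples()):
        print(ts.isoformat(), event)
```

While the alert is raised, treat the firewall's logs at the destination as incomplete for the whole window, including the recovery period before the clear.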