>
    Strata Copilot
    Reduced Log Forwarding Detected
    Focus
    Download PDF
    Focus
    1. Home
    2. Next-Generation Firewall
    3. NGFW Incidents Reference
    4. Reduced Log Forwarding Detected
    Download PDF
    Next-Generation Firewall

    Reduced Log Forwarding Detected

    Table of Contents

    Reduced Log Forwarding Detected

    Incident Code
    INC_NGFW_REDUCED_LOG_FORWARDING
    Severity
    Warning
    Category
    Network Services
    Subcategory
    Logging
    Description
    This alert triggers when the NGFW's log-receiver fills up, causing it to drop logs. This issue can stem from several factors, including: • A network connectivity problem to an external logging service (like a Log collector, syslog, SNMP, email server). • An issue with the external logging service itself, such as it being offline or unable to process incoming logs. • A resource constraint on the NGFW or the external logging service, such as high CPU or memory utilization. When this occurs, a significant portion of the NGFW's log data isn't forwarded to its intended destination.
    Raise Condition
    When logs fail to get forwarded to its respective destination for 1 hours
    Clear Condition
    When the logs are getting forwarded and there is no delay or loss in log forwarding for at least 4 hours
    Probable Root Cause Incident
    "INC_NGFW_DISK_HINT_OVERFLOW_LOG_FWD_FAIL",
    "INC_NGFW_FSM_INIT_FAILED",
    "INC_NGFW_LOG_FORWARDING_DISABLED_DUE_TO_SNMP_SERVER_UNRESOLVED_HOSTNAME",
    "INC_NGFW_LOG_FWD_DELAY",
    "INC_NGFW_LOG_FWD_MISSING_COLLECTOR_PREF",
    "INC_NGFW_PANORAMA_SYSLOG_OVER_TLS_FAILED",
    "INC_NGFW_TCP_CONN_SYSLOG",
    "INC_NGFW_TCP_SYSLOG_SERVER_UNREACHABLE",
    “INC_NGFW_OUT_OF_SYNC_LOG_COLLECTOR”,
    “INC_NGFW_SYSLOG_CONNECTION_FAILED_NAME_OR_SERVICE_NOT_KNOWN”

    © 2026 Palo Alto Networks, Inc. All rights reserved.