Medium System Log Messages
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- Cloud Management of NGFWs
-
- Management Interfaces
-
- Launch the Web Interface
- Configure Banners, Message of the Day, and Logos
- Use the Administrator Login Activity Indicators to Detect Account Misuse
- Manage and Monitor Administrative Tasks
- Commit, Validate, and Preview Firewall Configuration Changes
- Commit Selective Configuration Changes
- Export Configuration Table Data
- Use Global Find to Search the Firewall or Panorama Management Server
- Manage Locks for Restricting Configuration Changes
-
-
- Define Access to the Web Interface Tabs
- Provide Granular Access to the Monitor Tab
- Provide Granular Access to the Policy Tab
- Provide Granular Access to the Objects Tab
- Provide Granular Access to the Network Tab
- Provide Granular Access to the Device Tab
- Define User Privacy Settings in the Admin Role Profile
- Restrict Administrator Access to Commit and Validate Functions
- Provide Granular Access to Global Settings
- Provide Granular Access to the Panorama Tab
- Provide Granular Access to Operations Settings
- Panorama Web Interface Access Privileges
-
- Reset the Firewall to Factory Default Settings
-
- Plan Your Authentication Deployment
- Pre-Logon for SAML Authentication
- Configure SAML Authentication
- Configure Kerberos Single Sign-On
- Configure Kerberos Server Authentication
- Configure TACACS+ Authentication
- Configure RADIUS Authentication
- Configure LDAP Authentication
- Configure Local Database Authentication
- Configure an Authentication Profile and Sequence
- Test Authentication Server Connectivity
- Troubleshoot Authentication Issues
-
- Keys and Certificates
- Default Trusted Certificate Authorities (CAs)
- Certificate Deployment
- Configure the Master Key
- Export a Certificate and Private Key
- Configure a Certificate Profile
- Configure an SSL/TLS Service Profile
- Configure an SSH Service Profile
- Replace the Certificate for Inbound Management Traffic
- Configure the Key Size for SSL Forward Proxy Server Certificates
-
- HA Overview
-
- Prerequisites for Active/Active HA
- Configure Active/Active HA
-
- Use Case: Configure Active/Active HA with Route-Based Redundancy
- Use Case: Configure Active/Active HA with Floating IP Addresses
- Use Case: Configure Active/Active HA with ARP Load-Sharing
- Use Case: Configure Active/Active HA with Floating IP Address Bound to Active-Primary Firewall
- Use Case: Configure Active/Active HA with Source DIPP NAT Using Floating IP Addresses
- Use Case: Configure Separate Source NAT IP Address Pools for Active/Active HA Firewalls
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT
- Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT in Layer 3
- HA Clustering Overview
- HA Clustering Best Practices and Provisioning
- Configure HA Clustering
- Refresh HA1 SSH Keys and Configure Key Options
- HA Firewall States
- Reference: HA Synchronization
-
- Use the Dashboard
- Monitor Applications and Threats
- Monitor Block List
-
- Report Types
- View Reports
- Configure the Expiration Period and Run Time for Reports
- Disable Predefined Reports
- Custom Reports
- Generate Custom Reports
- Generate the SaaS Application Usage Report
- Manage PDF Summary Reports
- Generate User/Group Activity Reports
- Manage Report Groups
- Schedule Reports for Email Delivery
- Manage Report Storage Capacity
- View Policy Rule Usage
- Use External Services for Monitoring
- Configure Log Forwarding
- Configure Email Alerts
-
- Configure Syslog Monitoring
-
- Traffic Log Fields
- Threat Log Fields
- URL Filtering Log Fields
- Data Filtering Log Fields
- HIP Match Log Fields
- GlobalProtect Log Fields
- IP-Tag Log Fields
- User-ID Log Fields
- Decryption Log Fields
- Tunnel Inspection Log Fields
- SCTP Log Fields
- Authentication Log Fields
- Config Log Fields
- System Log Fields
- Correlated Events Log Fields
- GTP Log Fields
- Audit Log Fields
- Syslog Severity
- Custom Log/Event Format
- Escape Sequences
- Forward Logs to an HTTP/S Destination
- Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
- Monitor Transceivers
-
- User-ID Overview
- Enable User-ID
- Map Users to Groups
- Enable User- and Group-Based Policy
- Enable Policy for Users with Multiple Accounts
- Verify the User-ID Configuration
-
- App-ID Overview
- App-ID and HTTP/2 Inspection
- Manage Custom or Unknown Applications
- Safely Enable Applications on Default Ports
- Applications with Implicit Support
-
- Prepare to Deploy App-ID Cloud Engine
- Enable or Disable the App-ID Cloud Engine
- App-ID Cloud Engine Processing and Policy Usage
- New App Viewer (Policy Optimizer)
- Add Apps to an Application Filter with Policy Optimizer
- Add Apps to an Application Group with Policy Optimizer
- Add Apps Directly to a Rule with Policy Optimizer
- Replace an RMA Firewall (ACE)
- Impact of License Expiration or Disabling ACE
- Commit Failure Due to Cloud Content Rollback
- Troubleshoot App-ID Cloud Engine
- Application Level Gateways
- Disable the SIP Application-level Gateway (ALG)
- Maintain Custom Timeouts for Data Center Applications
-
- Decryption Overview
-
- Keys and Certificates for Decryption Policies
- SSL Forward Proxy
- SSL Forward Proxy Decryption Profile
- SSL Inbound Inspection
- SSL Inbound Inspection Decryption Profile
- SSL Protocol Settings Decryption Profile
- SSH Proxy
- SSH Proxy Decryption Profile
- Profile for No Decryption
- SSL Decryption for Elliptical Curve Cryptography (ECC) Certificates
- Perfect Forward Secrecy (PFS) Support for SSL Decryption
- SSL Decryption and Subject Alternative Names (SANs)
- TLSv1.3 Decryption
- High Availability Not Supported for Decrypted Sessions
- Decryption Mirroring
- Configure SSL Forward Proxy
- Configure SSL Inbound Inspection
- Configure SSH Proxy
- Configure Server Certificate Verification for Undecrypted Traffic
- Enable Users to Opt Out of SSL Decryption
- Temporarily Disable SSL Decryption
- Configure Decryption Port Mirroring
- Verify Decryption
- Activate Free Licenses for Decryption Features
-
- Policy Types
- Policy Objects
- Track Rules Within a Rulebase
- Enforce Policy Rule Description, Tag, and Audit Comment
- Move or Clone a Policy Rule or Object to a Different Virtual System
-
- External Dynamic List
- Built-in External Dynamic Lists
- Configure the Firewall to Access an External Dynamic List
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Exclude Entries from an External Dynamic List
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Register IP Addresses and Tags Dynamically
- Use Dynamic User Groups in Policy
- Use Auto-Tagging to Automate Security Actions
- CLI Commands for Dynamic IP Addresses and Tags
- Application Override Policy
- Test Policy Rules
-
- Network Segmentation Using Zones
- How Do Zones Protect the Network?
-
PAN-OS 11.1 & Later
- PAN-OS 11.1 & Later
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure a PPPoE Client on a Subinterface
- Configure an IPv6 PPPoE Client
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DHCP Overview
- Firewall as a DHCP Server and Client
- Firewall as a DHCPv6 Client
- DHCP Messages
- Dynamic IPv6 Addressing on the Management Interface
- Configure an Interface as a DHCP Server
- Configure an Interface as a DHCPv4 Client
- Configure an Interface as a DHCPv6 Client with Prefix Delegation
- Configure the Management Interface as a DHCP Client
- Configure the Management Interface for Dynamic IPv6 Address Assignment
- Configure an Interface as a DHCP Relay Agent
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Create a Source NAT Rule with Persistent DIPP
- PAN-OS
- Strata Cloud Manager
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Logical Router Overview
- Configure a Logical Router
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Configure MSDP
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
-
-
PAN-OS 11.2
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
- Cloud Management and AIOps for NGFW
End-of-Life (EoL)
Medium System Log Messages
E-Log
Log Tags:
- auth
- ddns
- dhcp
- dns-security
- dynamic-updates
- fips
- general
- hw
- nat
- ntpd
- port
- routing
- satd
- syslog
- url-filtering
- userid
- wildfire
auth
Event ID | Description |
---|---|
cas-message | (profile id:<id>)<message> |
auth-fail | <type> with username "<name>" is invalid due to special characters |
auth-fail | Allocated slot <id> for uid <uid> <id> |
auth-fail | Admin <name> failed to authenticate <num> times - the unsuccessful authentication attempts threshold reached. |
auth-fail | Admin <name>'s account is being disabled due to excessive failed authentication attempts. |
auth-success | Certificate validated for user '<name>'. <error> |
auth-fail | Certificate validation failed for user '<user>'. <error> auth profile '<name>', vsys '<id>', reply message '<msg>' From: <name>. |
auth-fail | failed authenticated for user '<name>'. realm '<name>', EAP outer identity '<name>, inner identity '<name>', auth profile '<name>', vsys '<id>', server profile '<name>', server address '<addr>', admin role '<name>', access domain '<name>', reply message '<msg>' From: <name>. |
user-password-change-failed | failed authenticated for user '<name>'. realm '<name>', EAP outer identity '<name>, inner identity '<name>', auth profile '<name>', vsys '<id>', server profile '<name>', server address '<addr>', admin role '<name>', access domain '<name>', reply message '<msg>' From: <name>. |
auth-fail | Kerberos SSO authentication failed for user '<name>'. realm '<name>', EAP outer identity '<name>, inner identity '<name>', auth profile '<name>', vsys '<id>', server profile '<name>', server address '<addr>', admin role '<name>', access domain '<name>', reply message '<msg>' From: <name>. |
user-password-change-failed | Kerberos SSO authentication failed for user '<name>'. realm '<name>', EAP outer identity '<name>, inner identity '<name>', auth profile '<name>', vsys '<id>', server profile '<name>', server address '<addr>', admin role '<name>', access domain '<name>', reply message '<msg>' From: <name>. |
auth-fail | SAML SSO authentication failed for user '<name>'. realm '<name>', EAP outer identity '<name>, inner identity '<name>', auth profile '<name>', vsys '<id>', server profile '<name>', server address '<addr>', admin role '<name>', access domain '<name>', reply message '<msg>' From: <name>. |
user-password-change-failed | SAML SSO authentication failed for user '<name>'. realm '<name>', EAP outer identity '<name>, inner identity '<name>', auth profile '<name>', vsys '<id>', server profile '<name>', server address '<addr>', admin role '<name>', access domain '<name>', reply message '<msg>' From: <name>. |
auth-fail | CAS SSO authentication failed for user '<name>'. realm '<name>', EAP outer identity '<name>, inner identity '<name>', auth profile '<name>', vsys '<id>', server profile '<name>', server address '<addr>', admin role '<name>', access domain '<name>', reply message '<msg>' From: <name>. |
user-password-change-failed | CAS SSO authentication failed for user '<name>'. realm '<name>', EAP outer identity '<name>, inner identity '<name>', auth profile '<name>', vsys '<id>', server profile '<name>', server address '<addr>', admin role '<name>', access domain '<name>', reply message '<msg>' From: <name>. |
ddns
Event ID | Description |
---|---|
ddns-unsupported | Interface <name> DDNS config for host <host> to <label> (<label>) is using a non-supported DDNS service provider. Please convert to a supported service. |
dhcp
Event ID | Description |
---|---|
ip-already-in-use | ip address is already in use |
server-no-free-ip | DHCP server runs out of ip pool |
dns-security
Event ID | Description |
---|---|
PAN_ELOG_EVENT_DNSSEC_DNS_CLOUD_QUERY_TIMEOUT | DNS Security cloud query timeout. |
dynamic-updates
Event ID | Description |
---|---|
palo-alto-networks-message | <message> |
fips
Event ID | Description |
---|---|
fips-entropy-rtciid | RTC-IID error occurred - attempting recovery... |
fips-entropy-rtciid | RTC-IID - Reading record failure |
general
Event ID | Description |
---|---|
general | CAS token sign cert "<name>" is invalid with error msg "<msg>" |
general | PANDB: Authentication or Client Certificate failure. |
general | PANDB: Client Certificate has expired or is not yet valid. |
general | PANDB: Device Client Certificate unavailable. |
general | PANDB: Mismatched Serial number in certificate and payload. |
general | PANDB: Expired Client Certificate. |
general | PANDB: Revoked Client Certificate. |
general | PANDB: Reason - Unknown Issuer or Incomplete or Incorrect Certificate chain. |
general | MLAV: Client Certificate has expired or is not yet valid. |
general | MLAV: Device Client Certificate unavailable. |
general | MLAV: Mismatched Serial number in certificate and payload. |
general | MLAV: Expired Client Certificate. |
general | MLAV: Revoked Client Certificate. |
general | MLAV: Reason - Unknown Issuer or Incomplete or Incorrect Certificate chain. |
general | WFRTSIG: Authentication or Client Certificate failure. |
general | WFRTSIG: Client Certificate has expired or is not yet valid. |
general | WFRTSIG: Device Client Certificate unavailable. |
general | WFRTSIG: Mismatched Serial number in certificate and payload. |
general | WFRTSIG: Expired Client Certificate. |
general | WFRTSIG: Revoked Client Certificate. |
general | WFRTSIG: Reason - Unknown Issuer or Incomplete or Incorrect Certificate chain. |
general | Server Cert: <name> is invalid, its name does not match the server <server> |
general | Server Cert: <name> is invalid for server <name>: <error> |
general | Slot s<num>: Application Pod '<name> : <namespace>: <interface>' can't be served right now; All <num> ports (<num> pods) in use, waiting for ports availability (for <name>). |
general | Failed to connect to wildfire-realtime cloud, retry after 30 seconds. |
general | CONFIG_UPDATE_INC : Incremental update to DP failed please try to commit force the latest config |
general | Request made to <name> server returned with HTTP response code : <code> |
hw
Event ID | Description |
---|---|
slot-up | Slot <id> (PA-7000/5400-100G-NPC) ctd-mode is AHO |
nat
Event ID | Description |
---|---|
fallback_report | On vsys <id>, there are <num> NAT DIPP fallbacks happeing in NAT rule <name>. |
ntpd
Event ID | Description |
---|---|
auth | NTP sync to server <addr> failed, authentication type autokey |
auth | NTP sync to server <addr> failed, authentication type autokey |
port
Event ID | Description |
---|---|
invalid-module | <name>: requires an SFP+ module. |
invalid-module | <buf>: requires an optical or copper SFP module. |
routing
Event ID | Description |
---|---|
routed-static-fqdn-changed | Routed static fqdn mapping is changed |
routed-static-fqdn-changed | Routed static fqdn mapping is changed |
routed-BGP-peer-mp-extension-negotiate | BGP peer MP extension negotiation. MP-EXTENSION negotiation to peer name: <name>, peer IP: <ip> successful" |
routed-BGP-peer-enter-established | BGP peer session enters established state. peer name: <name>, peer IP: <ip>. |
routed-BGP-refresh-sent | ROUTE REFRESH message sent to a BGP peer. peer name: <name>, peer IP: <ip>. |
routed-BGP-ribout-recalc | An RIB-Out is being recalculated as a result of changed export policy. peer name: <name>, peer IP: <ip>. |
routed-BGP-ribin-recalc | An RIB-In is being recalculated as a result of changed import policy. peer name: <name>, peer IP: <ip>. |
satd
Event ID | Description |
---|---|
satd-portal-gateway-duplicate | GlobalProtect portal config duplicated gateway. |
syslog
Event ID | Description |
---|---|
syslog-conn-status | <syslog-ng message> |
url-filtering
Event ID | Description |
---|---|
dynamic-url-connection-down | Dynamic URL connection is unavailable please check if service.brightcloud.com (<ip>) is reachable |
connection-failure | Failed to connect to Brightcloud update server: Cannot fetch source IP address |
url-download-failure | The URL cloud list file was not found on the cloud. |
cloud-election | CLOUD ELECTION: cannot elect a cloud |
url-cloud-connection-failure | Failed to open connection with the cloud after "<num> consecutive tries. |
error-msg-from-cloud | ERROR message from cloud. Invalid request. |
error-msg-from-cloud | ERROR message from cloud. Invalid request. |
error-msg-from-cloud | ERROR status from cloud |
startup-failure | PAN-DB engine startup failed. |
update-version-failure | Failed to update version <version>. |
update-version-failure | Failed to update version <version>. |
update-version-failure | Failed to update version <version>. |
update-version-failure | Failed to update version <version>. |
update-version-failure | Failed to update version <version>. |
starts-from-empty-seed | Failed to load the URL seed database, starting with an empty database. |
ha-sync-failure | Unable to initiate file sync to peer: <error> |
url-backup-seed-failure | Failed to back up PAN-DB |
engine-startup-failure | May runs without URL filtering !!! |
ha-sync-failure | Failed to upload the new HA URL file to RAM, start loading old URL file. |
starts-from-empty-seed | Failed to upload the old URL file to RAM,Starting with an empty file. |
engine-startup-failure | Runs without URL filtering !!! |
ha-sync-failure | Failed to receive file completely from peer (<name>:<name>): <error>. |
userid
Event ID | Description |
---|---|
connect-ldap-sever-failure | ldap cfg <name> failed to connect to server <server>: <error> |
get-ldap-data-failure | ldap cfg <name> failed to get info from server <server> |
connect-ldap-sever-failure | ldap cfg <name> failed to connect to server <server>: <error> |
get-ldap-data-failure | ldap cfg <name> failed to get info from server <name> |
wildfire
Event ID | Description |
---|---|
wildfire-conn-success | Successfully registered to <description> <name> |
Slog
- Queue '<name>' reached the watermark limit at <num>
- Removed Used AuthKey '<name>'
- Removed Expired AuthKey '<name>'
- Deleted AuthKey '<name>'
- Created AuthKey '<name>' (Count:<num>, Life:< num>s, Type:'<type>', Serial-Count:<num>)
- Failed to SCP out Deployment file: '<file>' (rc: <num>)
- Failed to SCP out Deployment metafile: '<file>' (rc: <num>)
- Failed to SCP in Deployment metafile: '<file>' (rc: <num>)
- Failed to SCP in Deployment file: '<file>' (rc: <num>)
- Could not access threat vault
- Failed to upload the sample to the cloud.
- Registration to cloud failed.
- Created new devicecert '<name>'
- Created new cert '<name>'
- mail send: <status>
- Tor status is checked and changed to: <name>.
- Failed to send test email using email profile <name>.