1. Home
    2. Security Operations
    3. Cortex Data Lake
    4. Cortex Data Lake Getting Started
    5. Forwarding Logs from Cortex Data Lake
    6. Log Forwarding Errors

    Log Forwarding Errors

    Find out more about errors you may see in log forwarding.
    When a problem occurs that disrupts the flow of your log data to its destination, you may see an error in the app UI. See the table below to find out what these errors mean and, if applicable, how you can resolve them.
    Error Message
    Description
    connection to server failed due to incomplete CA chain
    The CA chain provided by the server is incomplete. Check that the certificate chain is complete. You can check this by running
    openssl s_client
     on the server.
    resolving host name failed
    The IP address of the host could not be determined. Make sure that you have a DNS entry for the host.
    TLS handshake with server failed
    Verify that you are using an allowed TLS version and cipher suite. You can find this information in your server configuration.
    subject alternative names do not match
    The syslog server and the subject alternative name (SAN) in the server certificate do not match.
    connection to server failed due to revoked cert in chain
    The server certificate has been revoked. Contact your CA to get a new one.
    protocol error
    An HTTP protocol error occurred. Verify that the URI path exists.
    TCP connection to server failed
    The connection to the syslog or HTTP server timed out. Verify that the server FQDN and port are correct and that a server is listening at this FQDN and port.
    Unable to save the profile because it is too large. Please reduce the number of filters for different log types or the number of columns in the filters and try again.
    The profile that you are trying to save exceeds the size limit.
    Many factors determine the size limit: the number of log types, filters, and columns, as well as the type of log message (CEF, LEEF, HTTPS, EMAIL, or CSV).
    To resolve this error, try distributing the number of log filters among different log forwarding profiles. For example, if you have a profile with ten filters and you see this error, try creating two profiles with five filters each instead.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo