Log Forwarding Errors

Find out more about errors you may see in log forwarding.
When a problem occurs that disrupts the flow of your log data to its destination, you may see an error in the app UI. See the table below to find out what these errors mean and, if applicable, how you can resolve them.
Error Message
connection to server failed due to incomplete CA chain
The CA chain provided by the server is incomplete. Check that the certificate chain is complete. You can check this by running
openssl s_client
on the server.
resolving host name failed
The IP address of the host could not be determined. Make sure that you have a DNS entry for the host.
TLS handshake with server failed
Verify that you are using an allowed TLS version and cipher suite. You can find this information in your server configuration.
subject alternative names do not match
The syslog server and the subject alternative name (SAN) in the server certificate do not match.
connection to server failed due to revoked cert in chain
The server certificate has been revoked. Contact your CA to get a new one.
protocol error
An HTTP protocol error occurred. Verify that the URI path exists.
TCP connection to server failed
The connection to the syslog or HTTP server timed out. Verify that the server FQDN and port are correct and that a server is listening at this FQDN and port.
Unable to save the profile because it is too large. Please reduce the number of filters for different log types or the number of columns in the filters and try again.
The profile that you are trying to save exceeds the size limit.
Many factors determine the size limit: the number of log types, filters, and columns, as well as the type of log message (CEF, LEEF, HTTPS, EMAIL, or CSV).
To resolve this error, try distributing the number of log filters among different log forwarding profiles. For example, if you have a profile with ten filters and you see this error, try creating two profiles with five filters each instead.

Recommended For You