Log Forwarding Errors
Find out more about errors you may see in log forwarding.
When a problem occurs that disrupts the flow of your log data to its destination, you may see an error in the app UI. See the table below to find out what these errors mean and, if applicable, how you can resolve them.
Error Message | Description |
---|---|
connection to server failed due to incomplete CA chain | The CA chain provided by the server is incomplete. Check that the certificate chain is complete. You can check this by running openssl s_client on the server. |
resolving host name failed | The IP address of the host could not be determined. Make sure that you have a DNS entry for the host. |
TLS handshake with server failed | Verify that you are using an allowed TLS version and cipher suite. You can find this information in your server configuration. |
subject alternative names do not match | The syslog server and the subject alternative name (SAN) in the server certificate do not match. |
connection to server failed due to revoked cert in chain | The server certificate has been revoked. Contact your CA to get a new one. |
protocol error | An HTTP protocol error occurred. Verify that the URI path exists. |
TCP connection to server failed | The connection to the syslog or HTTP server timed out. Verify that the server FQDN and port are correct and that a server is listening at this FQDN and port. |
Unable to save the profile because it is too large. Please reduce the number of filters for different log types or the number of columns in the filters and try again. | The profile that you are trying to save exceeds the size limit. Many factors determine the size limit: the number of log types, filters, and columns, as well as the type of log message (CEF, LEEF, HTTPS, EMAIL, or CSV). To resolve this error, try distributing the number of log filters among different log forwarding profiles. For example, if you have a profile with ten filters and you see this error, try creating two profiles with five filters each instead. |
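To reproduce the connection-related errors in the table from a host of your own, the following added example (not Cortex Data Lake code) walks through DNS resolution, the TCP connection, the TLS handshake and certificate validation against your syslog or HTTPS server, and reports the closest matching table row. The mapping from OpenSSL verify codes to table rows and the function names `classify` and `probe` are assumptions of this example, and the host name in the usage line is a placeholder.

```python
import socket
import ssl

INCOMPLETE = "connection to server failed due to incomplete CA chain"
REVOKED = "connection to server failed due to revoked cert in chain"
SAN_MISMATCH = "subject alternative names do not match"
TLS_FAILED = "TLS handshake with server failed"

# OpenSSL X509 verify codes mapped to table rows (assumed mapping, see lead-in).
VERIFY_CODE_TO_ROW = {
    2: INCOMPLETE,     # unable to get issuer certificate
    20: INCOMPLETE,    # unable to get local issuer certificate; also seen when
                       # the root CA is simply not in the local trust store
    21: INCOMPLETE,    # unable to verify the first certificate
    23: REVOKED,       # certificate revoked (reported only if CRLs are loaded)
    62: SAN_MISMATCH,  # hostname mismatch
    64: SAN_MISMATCH,  # IP address mismatch
}

def classify(exc):
    """Map a connection exception to the closest error message in the table."""
    # Order matters: gaierror and SSLError are both subclasses of OSError.
    if isinstance(exc, socket.gaierror):
        return "resolving host name failed"
    if isinstance(exc, ssl.SSLCertVerificationError):
        code = getattr(exc, "verify_code", None)
        return VERIFY_CODE_TO_ROW.get(code, TLS_FAILED)
    if isinstance(exc, ssl.SSLError):
        return TLS_FAILED  # e.g. no shared TLS version or cipher suite
    if isinstance(exc, OSError):
        return "TCP connection to server failed"  # timeout, refused, unreachable
    return "unclassified: " + repr(exc)

def probe(host, port, cafile=None, timeout=5.0):
    """Return None if DNS, TCP, TLS and certificate checks pass, else a table row.

    Validation uses the local trust store (or cafile), which may differ from
    the list of certificates trusted for syslog and HTTPS forwarding.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return None
    except OSError as exc:
        return classify(exc)

if __name__ == "__main__":
    # Placeholder FQDN and port; replace with your own log receiver.
    print(probe("syslog.example.com", 6514) or "all checks passed")
```

Python does not fetch missing intermediate certificates, so a server that sends only its leaf certificate surfaces here as the incomplete CA chain row.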