>
    Informational System Log Messages
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. Monitoring
    4. Use Syslog for Monitoring
    5. Syslog Severity Reference
    6. Informational System Log Messages
    Download PDF

    Informational System Log Messages

    Table of Contents
    End-of-Life (EoL)

    Informational System Log Messages

    E-Log

    Log Tags:
    audit
    Event IDDescription
    api<cmd>
    cli<cmd>
    cli<config command>
    api<config command>
    gnmi<config command>
    gui-op<config command>
    auth
    Event IDDescription
    cas-message(profile id:<id>)<message>
    auth-failTime clock does not match that on KDC server at '<name>' (code: <id>)
    auth-failUser '<name>' does not exist on KDC server '<name>' (code: <id>)
    auth-failWrong realm: '<name>' (code: <id>)
    auth-failUsername and password do not match, preauth failed (code: <id>)
    Kerberos error: <error> (code: <id>)
    auth-failWhen authenticating user "<name>", KDC Spoofing attack is detected by krb5_verify_init_creds() (krb5 error code: <id>)
    auth-successAdmin <name> account has been restored - lockout timer expired.
    user-password-change-successWhen authenticating user '<name>' <remotehost>, a less secure authentication method <proto> is used. Please migrate to PEAP or EAP-TTLS. Authentication Profile '<name>', vsys '<name>', Server Profile '<name>', Server Address '<ip>'
    auth-failCertificate validation failed for user '<name>'. <error>
    auth-successCertificate validated for user '<user>'. <error> auth profile '<name>', vsys '<id>', reply message '<msg>' From: <name>.
    user-password-change-successKerberos SSO authenticated for user '<name>'. realm '<name>', EAP outer identity '<name>, inner identity '<name>', auth profile '<name>', vsys '<id>', server profile '<name>', server address '<addr>', admin role '<name>', access domain '<name>', reply message '<msg>' From: <name>.
    auth-successKerberos SSO authenticated for user '<name>'. realm '<name>', EAP outer identity '<name>, inner identity '<name>', auth profile '<name>', vsys '<id>', server profile '<name>', server address '<addr>', admin role '<name>', access domain '<name>', reply message '<msg>' From: <name>.
    user-password-change-successSAML SSO authenticated for user '<name>'. realm '<name>', EAP outer identity '<name>, inner identity '<name>', auth profile '<name>', vsys '<id>', server profile '<name>', server address '<addr>', admin role '<name>', access domain '<name>', reply message '<msg>' From: <name>.
    auth-successSAML SSO authenticated for user '<name>'. realm '<name>', EAP outer identity '<name>, inner identity '<name>', auth profile '<name>', vsys '<id>', server profile '<name>', server address '<addr>', admin role '<name>', access domain '<name>', reply message '<msg>' From: <name>.
    user-password-change-successCAS SSO authenticated for user '<name>'. realm '<name>', EAP outer identity '<name>, inner identity '<name>', auth profile '<name>', vsys '<id>', server profile '<name>', server address '<addr>', admin role '<name>', access domain '<name>', reply message '<msg>' From: <name>.
    auth-successCAS SSO authenticated for user '<name>'. realm '<name>', EAP outer identity '<name>, inner identity '<name>', auth profile '<name>', vsys '<id>', server profile '<name>', server address '<addr>', admin role '<name>', access domain '<name>', reply message '<msg>' From: <name>.
    user-password-change-successauthenticated for user '<name>'. realm '<name>', EAP outer identity '<name>, inner identity '<name>', auth profile '<name>', vsys '<id>', server profile '<name>', server address '<addr>', admin role '<name>', access domain '<name>', reply message '<msg>' From: <name>.
    auth-successauthenticated for user '<name>'. realm '<name>', EAP outer identity '<name>, inner identity '<name>', auth profile '<name>', vsys '<id>', server profile '<name>', server address '<addr>', admin role '<name>', access domain '<name>', reply message '<msg>' From: <name>.
    cas-client-redirectClient '<name>' redirected to '<url>' with auth_session_id '<id>'
    cas-token-receivedReceived CAS token from client '<name>' from '<url>' with auth_session_id '<id>'
    cas-token-parse-errorFailed to parse CAS token from client '<host>' from '<url>' with auth_session_id '<id>' : <message>
    cas-token-validatedValidated CAS token from client '<name>' from '<url>' with auth_session_id '<id>' and username '<name>'
    cas-mfa-infoMFA info from client '<name>' from '<url>' with auth_session_id '<id>' and username '<name>' : <info>
    saml-client-redirectClient '<name>' redirected to '<url>' for authentication profile '<profile>'
    saml-idp-activityReceived SAML Assertion from '<name>' from client '<name>'
    saml-signature-validatedSAML Assertion: signature is validated against IdP certificate (subject '<name>') for user '<name>'
    idp-initiated-log-out-successSAML Single Log out initiated for user '<name>' from '<name>', Auth profile: '<name>', Virtual System: '<name>', Server profile: '<name>', IdP entityID: '<id>'
    sp-initiated-log-out-successSAML Single Log out initiated for user '<name>' from '<name>', Auth profile: '<name>', Virtual System: '<name>', Server profile: '<name>', IdP entityID: '<id>'
    auth-failServer certificate: '<name>' is invalid, its name does not match the host name '<name>'
    auth-failServer certificate: '<name>' is invalid for server '<name>': <error>
    bfd
    Event IDDescription
    session-state-changeBFD state changed to <name> for BFD session <name> to neighbor <name> on interface <name>. Protocol: <name>
    clusterd
    Event IDDescription
    cluster-cfg-modeCluster node mode is changed.
    cluster-config-p1-successCluster daemon configuration load phase-1 succeeded.
    cluster-config-p1-abortCluster daemon configuration load phase-1 aborted.
    cluster-config-p2-successCluster daemon configuration load phase-2 succeeded.
    cluster-self-joinLocal node joined cluster:
    cluster-service-readyCluster service is ready.
    cluster-service-upCluster service up:
    cluster-split-brain-enterCluster enters split-brain mode.
    cluster-split-brain-leaveCluster left split-brain mode.
    cluster-engine-startCluster engine will be started for:
    cluster-daemon-startCluster daemon is ready.
    cluster-daemon-exitCluster daemon has exited.
    cluster-daemon-initCluster daemon is initializing.
    ddns
    Event IDDescription
    ddns-removeInterface <name> DDNS config for host <host> to <label> removed. Please manually remove from DDNS service provider.
    debug
    Event IDDescription
    packet-diag-logPacket-diag logging has been enabled
    packet-diag-logPacket-diag logging has been disabled
    dhcp
    Event IDDescription
    if-update-okDHCP <desc>: interface <name>, dhcp server: <name>
    if-release-triggerDHCP <name>: interface <name>, ip <ip> netmask <mask> dhcp server: <name>
    if-renew-triggerDHCP <name>: interface <name>, ip <ip> netmask <mask> dhcp server: <name>
    if-update-failDHCP client could not clear IP address on interface:<name> due to: Error in updating interface/route table
    if-update-failDHCP client could not obtain IP address on interface:<name> due to: Error in updating interface/route table
    if-update-failDHCP client could not obtain IP address on interface:<name> due to: Error in updating interface/route table after HA sync from peer
    if-release-trigger<dhcp_log_event>
    if-renew-trigger<dhcp_log_event>
    if-update-ok<dhcp_log_event>
    if-rcv-nak<dhcp_log_event>
    if-duplicate-ip-intf<dhcp_log_event>
    if-duplicate-ip-remote<dhcp_log_event>
    if-update-failDHCP client could not obtain IP address on interface:<name> due to: Error in updating interface/route table
    if-update-failDHCP client could not clear IP address on interface:<name> due to: Error in updating interface/route table
    relay-onDHCP relay on
    relay6-onDHCPv6 relay on
    lease-endDHCP lease ended
    lease-startDHCP lease started
    server-auto-probe-offDHCP server auto-probe finished
    server-auto-probe-onDHCP server auto-probe finished
    server-onDHCP server auto-probe finished
    if-inheritDHCP server on interface: <name> inherited following values from dynamic interface: <name>: <server>
    if-update-failDHCP client could not obtain IP address on interface index:<num> due to: Error in updating interface/route table
    dns-security
    Event IDDescription
    PAN_ELOG_EVENT_DNSSEC_CACHE_SUCCESSDNS signature initialization from file storage successful.
    dnsproxy
    Event IDDescription
    if-addInterface <name> added to DNS proxy object:<obj>
    if-delInterface <name> deleted from DNS proxy object:<obj>
    if-inheritDNS Proxy object: <name> inherited following values from dynamic interface: <name>: Primary DNS: <name> Secondary DNS: <name>
    cache-clearedAll DNS Proxy cache entries were cleared
    object-enableDnsproxy object:<name> was enabled.
    object-enableDnsproxy object:<name> was disabled.
    dynamic-updates
    Event IDDescription
    palo-alto-networks-message<message>
    fips
    Event IDDescription
    fips-selftestFIPS Mode Self-test <description> ..... failed
    fips-selftestFIPS-CC Mode Self-test <description> ..... failed
    fips-selftestFIPS Mode Enabled Successfully
    general
    Event IDDescription
    generalRetrieved CRL from "<name>" with crl_next_update = <name>
    generalSlot s<num>: Application Pod '<namespace> : <name>:<interface>' using interfaces eth<num< and eth<num>
    generalSlot s<num>: Application Pod '<namespace> : <name>:<interface>' releasing interfaces eth<num< and eth<num>
    generalMachine Learning engine for <name> started
    generalReconnect to MLAV cloud, enable all machine Learning engines
    general<type> job was successfully reverted. Completion time=<time>. JobId=<id>. User: <name>
    wf-real-time-enabledWildFire Real-time feature enabled
    generalEvtmgr: Client=<id>[<devid>] msg=<msg> code=<num> socket <num>
    generalRequest made to <name> server is successful
    hw
    Event IDDescription
    fan-removedFan Tray #<num> removed
    fan-insertedFan Tray #<num> inserted
    ps-insertedPower Supply #<num> inserted
    Thermal FailureI2C Failure: Forcing the fan controler to run at maximum speed.\n"Setting the node [force] to pan_true\n
    Thermal FailureI2C connection restored. Forcing fans to revert their normal speed.\n"Setting the node [force] to pan_false\n
    Thermal FailureI2C connection restored. Forcing fans to revert their normal speed.\n"Setting the node [force] to pan_false\n
    slot-upSlot <id> (<model>) detects Session Distribution Policy is no longer ingress-slot. Enabling DPC.
    bootstrap-successBootstrap successfully completed "sw-version: <version>; app-version: <version>; threat-version: <version>
    bootstrap-media-prep-success<username>: Successfully prepared USB using bundle <file>
    ipv6nd
    Event IDDescription
    duplicated-IPv6-address-foundIPv6 address <address> on interface <name> is duplicate.
    lacp
    Event IDDescription
    lacp-upLACP interface <name> moved into AE-group <name>.
    lldp
    Event IDDescription
    mib changedUpdate: LLDP Update: Sent update for TLV <name> on local interface: <index>
    mib changedUpdate: Received change on local interface <name>
    monitoring
    Event IDDescription
    deviating-deviceDeviating device: <name>, Serial: <serial>, Object: <name> <nest>, Metric: <name>, Value: <value>
    N/A
    Event IDDescription
    N/ACreate audit logs
    N/Atest file
    nat
    Event IDDescription
    fqdn-addVsys <id> NAT rule <name> FQDN <key> add IP entry <ip>
    fqdn-delVsys <id> NAT rule <name> FQDN <key> delete IP entry <ip>
    ntpd
    Event IDDescription
    syncNTP sync to server <address>
    time-learnNTP time learnt from <time>; New time is: <time> and old time was <time>
    restartNTP restart synchronization performed
    time-learnNTP time learnt; New time is: <time>
    panorama-check
    Event IDDescription
    panorama-check-testJobId=<id>: <message>
    panorama-check-skipJobId=<id>: Skipping connection checks for <name>/<name> since the IP was changed.
    panorama-check-skipJobId=<id>: Skipping connection check for <name> since the panorama is not actively connected.
    panorama-check-auto-revert<type> job was successfully reverted. Completion time=<time>. JobId=<id>. User: <name>
    pbf
    Event IDDescription
    nh-upVsys <id> PBF rule <name> nexthop is UP
    nh-downVsys <id> PBF rule <name> nexthop is DOWN
    nh-downVsys <id> PBF rule <name> is Bypassed
    nh-upVsys <id> PBF rule <name> is Normal
    pbf-fqdn-changeVsys <id> PBF rule <name> nexthop FQDN <key> IPv4 is changed "from <ip> to <ip>
    pbf-fqdn-changeVsys <id> PBF rule <name> nexthop FQDN <key> IPv6 is changed "from <ip> to <ip>
    port
    Event IDDescription
    link-changePort HSCI: Up <type> duplex
    link-changePort HSCI: Down <type> duplex
    link-changePort HA1-b: Up <type> duplex
    link-changePort HA1-b: Down <type> duplex
    link-changePort HA2: Up <type> duplex
    link-changePort HA2: Down <type> duplex
    sdwan-link-changePort <port>: Up <type> duplex
    link-changePort <port>: Down <type> duplex
    sdwan-link-changeethernet<num>/<num>: Up <type> duplex
    link-changeethernet<num>/<num>: Down <type> duplex
    sdwan-link-changePort <port>: MAC Up
    link-changePort <port>: MAC Down
    nonsupp-forcedethernet<num>/<num>: trying to force mode <type> not supported, using autoneg
    link-changePort MGT: Up <type>
    link-changePort <interface>: Up <type>
    link-changePort <interface>: Down <type>
    pppoe
    Event IDDescription
    connect-failPPPoE session failed to connect for user:<name> on interface:<name>. Reason: <reason>
    connectPPPoE session was connected for user:<name> on interface:<name> to AC:<name>, mac address: <mac>, session id:<id>, IP Address negotiated: <ip>
    if-update-failPPPoE session connected for user:<name> on interface:<name> but updating interface/routing table failed.
    connect-failPPPoE session failed to connect for user:<name> on interface:<name>. Reason: No PPPoE Offer received
    initiatePPPoE session was initiated for user:<name> on interface:<name>
    connect-failPPPoE session failed to connect for user:<name> on interface:<name>. Reason: No PPPoE Confirm received
    terminatePPPoE session was terminated for user:<name> on interface:<name> to AC:<name>, mac address: <mac>, session id:<id>
    terminatePPPoE session was terminated for user:<name> on interface:<name> to AC:<name>, mac address: <mac>, session id:<id>
    ras
    Event IDDescription
    rasmgr-config-p1-successRASMGR daemon configuration load phase-1 succeeded.
    rasmgr-config-p1-abortRASMGR daemon configuration load phase-1 aborted.
    rasmgr-config-p2-successRASMGR daemon configuration load phase-2 succeeded.
    rasmgr-ha-full-sync-doneRASMGR daemon sync all user info to HA peer exit.
    rasmgr-ha-full-sync-doneRASMGR daemon sync all user info to HA peer exit.
    rasmgr-flow-full-sync-startRASMGR daemon sync all user info to Flow started.
    rasmgr-daemon-exitRASMGR daemon has exited.
    rasmgr-daemon-initRASMGR daemon is initializing.
    rasmgr-daemon-startRASMGR daemon is ready.
    resctrl
    Event IDDescription
    mem-usage-normalMemory usage is normal
    routing
    Event IDDescription
    routed-OSPF-stop-helper-modeOSPF stopped helper mode for a restarting neighbor. Restarting neighbor router ID <name> neighbor IP address <ip>. Reason: <reason>
    routed-ECMPECMP maximum path changed to <num> in virtual router <name>.
    routed-ECMPECMP enabled in virtual router <name>.
    routed-ECMPECMP disabled in virtual router <name>.
    routed-config-p1-successRoute daemon configuration load phase-1 succeeded.
    routed-config-p2-successRoute daemon configuration load phase-2 succeeded.
    routed-static-fqdn-changedRouted static fqdn mapping is changed
    routed-bgp-fqdn-changedRouted BGP fqdn mapping is changed
    routed-ECMPECMP maximum path changed to <num> in logical router <name>.
    routed-ECMPECMP enabled in logical router <name>.
    routed-ECMPECMP disabled in logical router <name>.
    routed-ECMPECMP load balancing algorithm changed to <name> in logical router <name>.
    routed-ECMPECMP symmetric return enabled in logical router <name>.
    routed-ECMPECMP symmetric return disabled in logical router <name>.
    routed-ECMPECMP strict source path enabled in logical router <name>.
    routed-ECMPECMP strict source path disabled in logical router <name>.
    routed-fib-sync-peer-backupFIB HA sync started when peer device becomes passive.
    routed-fib-sync-self-masterFIB HA sync started when local device becomes master.
    routed-fib-sync-peer-backupFIB HA sync started when peer device becomes passive.
    routed-fib-sync-self-masterFIB HA sync started when local device becomes master.
    routed-daemon-initRoute daemon is initializing.
    routed-daemon-startRoute daemon is ready.
    routed-daemon-exitRoute daemon has exited.
    routed-BGP-refresh-sentROUTE REFRESH message sent to a BGP peer.
    routed-BGP-ribin-recalcAn RIB-In is being recalculated as a result of changed import policy.
    routed-BGP-peer-enter-establishedBGP peer session enters established state.
    routed-BGP-peer-mp-extension-negotiateBGP peer MP extension negotiation.
    routed-IGMP-wrong-versionWrong IGMP query version
    routed-OSPF-neighbor-fullOSPF full adjacency established with neighbor.
    routed-OSPF-neighbor-2dirOSPF two-way communication established with neighbor.
    routed-OSPF-neighbor-fullOSPF full adjacency established with neighbor.
    routed-OSPF-start-graceful-restartOSPF started graceful restart.
    routed-OSPF-stopped-graceful-restartOSPF stopped graceful restart.
    routed-OSPF-start-helper_nodeOSPF started helper mode for a restarting neighbor.
    routed-OSPF-not-helpOSPF did not help a restarting neighbor.
    routed-OSPF-start-graceful-restartOSPF started graceful restart.
    routed-PIM-new-dr-electedPIM elected a new DR
    routed-PIM-neighbor-discoveredPIM discovered a new neighbor
    routed-PIM-neighbor-disappearedPIM neighbor disappeared
    routed-RIP-peer-addRIP peer discovered.
    satd
    Event IDDescription
    satd-config-p1-successSATD daemon configuration load phase-1 succeeded.
    satd-config-p1-abortSATD daemon configuration load phase-1 aborted.
    satd-config-p2-successSATD daemon configuration load phase-2 succeeded.
    satd-portal-connect-startedGlobalProtect Satellite connection to portal started.
    satd-gateway-connect-startedGlobalProtect Satellite connection to gateway started.
    satd-flow-full-sync-startSATD daemon sync all gateway infos to Flow started.
    satd-ha-full-sync-doneSATD daemon sync all gateway infos to HA peer exit.
    satd-daemon-initSATD daemon is initializing.
    satd-daemon-startSATD daemon is ready.
    satd-daemon-exitSATD daemon has exited.
    sched-push
    Event IDDescription
    sched-skipPush schedule <name> skipped on passive panorama
    sched-execPush schedule <name> kicked in. <num> jobs scheduled. Jobids: <ids>
    sdwan
    Event IDDescription
    sdwan-vif-status-up<vif> start with state UP. FW is Active
    sdwan-vif-status-up<vif> start with state UP. FW is Non-Active
    sdwan-vif-status-up<vif> is up
    sdwan-vif-status-down<vif> is down
    ssh
    Event IDDescription
    ssh-default-hostkey-changedDefault MGMT SSH host key set to ECDSA key of length <length>.
    ssh-default-hostkey-changedDefault MGMT SSH host key set to RSA key of length <length>
    ssh-default-hostkey-changedDefault MGMT SSH host key set to all.
    ssh-default-hostkey-changedDefault HA SSH host key set to ECDSA key of length <length>.
    ssh-default-hostkey-changedDefault HA SSH host key set to RSA key of length <length>.
    ssh-default-hostkey-changedError occurred while setting default host key for HA of type ECDSA and of length <length>
    ssh-default-hostkey-changedError occurred while setting default host key for MGMT of type ECDSA and of length <length>
    ssh-default-hostkey-changedError occurred while setting default host key for HA of type RSA and of length <length>
    ssh-default-hostkey-changedError occurred while setting default host key for MGMT of type RSA and of length <length>
    ssh-hostkey-regeneratedSSH host key for HA of type ECDSA and of length <num> generated
    ssh-hostkey-regeneratedSSH host key for MGMT of type ECDSA and of length <num> generated
    ssh-hostkey-regeneratedSSH host key for HA of type RSA and of length <num> generated
    ssh-hostkey-regeneratedSSH host key for MGMT of type RSA and of length <num> generated
    ssh-session-rekey-params-changedNew Rekeying parameters for MGMT SSH set.
    ssh-session-rekey-params-changedNew Rekeying parameters for HA SSH set.
    ssh-session-rekey-params-changedError occurred while setting rekeying parameters for MGMT SSH.
    ssh-session-rekey-params-changedError occurred while setting rekeying parameters for HA SSH.
    ssh-ciphers-changedCiphers set to default for MGMT SSH.
    ssh-ciphers-changedCiphers set to default for HA SSH.
    ssh-ciphers-changedError occurred while setting ciphers for MGMT SSH.
    ssh-ciphers-changedError occurred while setting ciphers for HA SSH.
    ssh-macs-changedMacs set to default for MGMT SSH.
    ssh-macs-changedMacs set to default for HA SSH.
    ssh-macs-changedError occurred while setting macs for MGMT SSH.
    ssh-macs-changedError occurred while setting macs for HA SSH.
    ssh-kexs-changedKexs set to default for MGMT SSH.
    ssh-kexs-changedKexs set to default for HA SSH.
    ssh-kexs-changedError occurred while setting kexs for MGMT SSH.
    ssh-kexs-changedError occurred while setting kexs for HA SSH.
    sslmgr
    Event IDDescription
    ca-session-establishment-successDestination address <addr>, Destination port <num>, Source address <addr>, Source port <num>
    ca-session-establishment-failedFailed to get CRL %s
    ca-session-establishment-failedKey Usage cRLSign check failed for CRL <name>
    ca-session-establishment-success"Successfully get CRL <name>
    ca-session-establishment-successCRL request to <name> succeeded
    ca-session-establishment-successOCSP request to "<host>" succeeded. \nDestination address: <addr>, Destination port: <port>, Source address: <addr>, Source port <port> \n
    ca-session-establishment-failedOCSP request to "<host>" failed. \nDestination address: <addr>, Destination port: <port>, Source address: <addr>, Source port <port> \n
    ca-session-establishment-failed<open_ssl_error>
    sslmgr-ha-not-full-syncSSLMGR daemon not sync to HA peer.
    sslmgr-ha-not-full-syncSSLMGR daemon not sync to HA peer.
    sslmgr-ha-not-full-syncSSLMGR daemon not sync to HA peer.
    sslmgr-cert-ocsp-verify-failedSSLMGR certificate ocsp verification failed.
    sslmgr-config-p1-successSSLMGR daemon configuration load phase-1 succeeded.
    sslmgr-config-p2-successSSLMGR daemon configuration load phase-2 succeeded.
    sslmgr-daemon-startSSLMGR daemon is ready.
    sslmgr-satellite-info-deletedSSLMGR satellite info deleted
    sslmgr-cert-status-deletedSSLMGR certificate status deleted.
    sslmgr-cert-status-revokedSSLMGR certificate status revoked.
    sslmgr-satellite-info-deletedSSLMGR satellite info deleted
    sslmgr-cert-status-revokedSSLMGR certificate status revoked.
    sslmgr-scep-ca-cert-failedSSLMGR import SCEP CA certificate failed.
    sslmgr-scep-cert-failedSSLMGR generate SCEP certificate failed.
    sslmgr-scep-cert-failedSSLMGR generate SCEP certificate failed.
    sslmgr-scep-cert-failedSSLMGR generate SCEP certificate failed.
    sslmgr-satellite-info-updatedSSLMGR satellite info updated
    sslmgr-cert-gen-failedSSLMGR generate certificate failed.
    sslmgr-ha-full-syncSSLMGR daemon sync to HA peer.
    sslmgr-ha-full-syncSSLMGR daemon sync to HA peer.
    sslmgr-ha-full-syncSSLMGR daemon sync to HA peer.
    ca-session-establishment-successDestination address <addr>, Destination port <port>, Source address <addr>, Source port <port>
    syslog
    Event IDDescription
    syslog-conn-status<syslog-ng message>
    tls
    Event IDDescription
    panos-auth-success<name> Server CN: <name> - [<name>] Connection Successfully established.
    tls-session-disconnectedDevice <name> disconnected from the server
    panorama-auth-success<reason> PAN-OS ver: <version> Panorama ver:<version> Client IP: <ip> Server IP: <ip> Client CN: <name>
    panorama-auth-success<reason> WildFire ver: <version> Panorama ver:<version> Client IP: <ip> Server IP: <ip> Client CN: <name>
    certificate-renewalClient Certificate expiry is under 30 days. Fetch a new certificate from the scep server
    url-filtering
    Event IDDescription
    failed-to-lock-updateFailed to lock URL database update process! Maybe another instance is running.
    download-url-database-successBrightcloud URL database was downloaded successfully
    revert-url-database-successURL filtering database was reverted from version <ver> to version <ver>
    url-database-is-latestURL filtering database version <ver> is already the latest version
    failed-to-lock-downloadFailed to lock URL database update process. Another instance may be running.
    download-url-database-successPAN-DB was downloaded successfully
    load-successIntial PAN-DB activated successfully
    failed-to-lock-downloadPAN-DB download: Failed.
    downloading-url-databaseDownloading full BrightCloud URL database. This can take a long while.
    downloading-url-databaseDownloading full BrightCloud URL database. This can take a long while.
    proxy-connection-failureFailed to connect to proxy server. "Please check if proxy user name and password are "correct.
    receive-data-failureCannot receive data from '<server>:<port>' to download BrightCloud URL database
    proxy-connection-failureFailed to connect to proxy server. "Please check if proxy user name and password are correct.
    proxy-connection-failureCannot connect to proxy server '<server>:<port>' to download BrightCloud URL database
    proxy-connection-failureCannot connect to proxy server '<server>:<port>' to download BrightCloud URL database
    connection-successConnected to Brightcloud update server <name>
    cloud-electionCLOUD ELECTION: <name> IP: <ip> was elected, measured alive test <num>.
    url-engine-stoppedPAN-DB engine stopped.
    url-engine-startsPAN-DB engine started.
    url-engine-stoppedURL filtering engine stopped...
    ha-sync-failureFailed to sync the URL with HA peer.
    starts-from-empty-seedStarting with an empty SEED.
    starts-from-backup-seedStarting with backup seed.
    starts-from-empty-seedStarting with an empty SEED.
    ha-sync-successSuccessfully synced PAN-DB to peer.
    ha-sync-successPAN-DB sync with HA started at <seconds>.
    url-backup-seed-successBackup of PAN-DB finished successfully.
    upgrade-url-database-successPAN-DB was upgraded to version <version>.
    ha-sync-successURL vendor matches and is set to 'PAN-DB'.
    ha-sync-failureNot synching file to peer because mode is not Active-Passive (<mode>).
    ha-sync-failureNo synching file to peer because local state is not Active (<mode>).
    ha-sync-failureNot accepting file from peer local state is not Passive (<mode>).
    ha-sync-failureNo synching file to peer because peer state is not Passive (<mode>).
    userid
    Event IDDescription
    connect-agentRedistribution Agent <name>(vsys<id>): connected to <host>, status <status>, version <num>
    connect-clientCMS Redistribution Client is connected to global collector: <devid> vsys <id>
    connect-clientRedistribution Client is connected to collector <name>: <client>, vsys <id>
    connect-ldap-severldap cfg <name> connected to server <server>
    connect-ldap-severldap cfg <name> connected to server <server>
    connect-agent<agent> <name>(vsys<id>): connected to <name>, status <status>, version <version>
    connect-clientUser-ID Client is connected to collector <name>: "IP <ip> port <num> vsys <num>
    disconnect-clientUser-ID Client is disconnected from collector <name>: "IP <ip> port <num> vsys_id <num>
    disconnect-clientUser-ID Client is disconnected from collector <name>: "IP <ip> port <num> vsys_id <num>
    connect-clientUser-ID Client is connected to collector <name>:<conn_id> vsys_id <id>
    disconnect-clientUser-ID Client is disconnected from collector <name>:<conn_id> vsys_id <id>
    connect-agent<agent_desc> <name>(vsys<id>): connected to <name>, version <id>
    agent-read-log-error<name> failed <num> time(s)
    agent-get-domain-error<name> please check pan-agent log file for actual incorrect DC IP address(es)
    agent-get-groups-error<name> failed <num> time(s)
    agent-get-config-error<name> failed <num> time(s)
    agent-get-users-error<name> failed <num> time(s)
    agent-no-domain<name> failed <num> time(s)
    disconnect-syslogUser-ID Syslog Proxy: Client <name>: disconnected <addr>
    connect-syslogUser-ID Syslog Proxy: Client <name>(vsys<id>): connected <addr>
    disconnect-syslogUser-ID Syslog Proxy: Client <name>: disconnected <addr>
    disconnect-syslogUser-ID Syslog Proxy: Client <name>: disconnected <addr>
    connect-agentPan-TS-Agent <name> disconnected: IP <ip> port <num> vsys<num>
    disconnect-agentPAN-Agent <name> disconnected: IP <ip> port <num> vsys<id>
    agent-status-failureFailed to get status <num> times, connection may be down or protocol mismatch between device and pan-agent
    disconnect-agentUser-ID-Agent <name> disconnected: IP <ip> port <num> vsys<id>
    disconnect-agentUser-ID-Agent <name> disconnected: <conn_str> vsys<id>
    agent-eventUser-ID-Agent <name> event: <type>, name <name>, status <status>, vsys<id>
    agent-status-failureFailed to get status <num> times, connection may be down or protocol mismatch between device and pan-agent
    connect-server-monitorPlease change server monitor(<name>) Transport Protocol from WMI to WinRM for better performance
    connect-server-monitorUser-ID server monitor <name>(vsys<id>): connected to <host>
    connect-server-monitorServer monitor <name>(vsys<id>) is connected
    connect-vm-info-sourcevm-info-source <name>(vsys<id>): Connected to <host>, status <status>
    connect-vm-info-sourcevm-info-source <name>(vsys<id>): Connected to <host>, status <status>
    connect-vm-info-sourcevm-info-source <name>(vsys<id>): connected to <host>, status <status>, version <version>
    disconnect-vm-info-sourcevm-info-source <name>(vsys<id>): disconnected to <host>, status <status>, version <version>
    vm
    Event IDDescription
    dvf-init-succeedVMware dvfilter init succeeded
    vpn
    Event IDDescription
    vpnctl-ike-rekey-event[<name>]: <davici_name>:<value,
    vpnctl-child-updown-event[<name>]: <davici_name>:<value,
    vpnctl-child-rekey-event[<name>]: <davici_name>:<value,
    vpnctl-ike-updown-eventconnction failed, peer <remote_host>, retry <conn_try>
    keymgr-daemon-initKEYMGR daemon is initializing.
    keymgr-daemon-startKEYMGR daemon is ready.
    keymgr-daemon-exitKEYMGR daemon has exited.
    keymgr-flow-full-sync-doneKEYMGR sync all IPSec SA to Flow exit.
    ike-fqdn-changeIKE fqdn mapping is changed
    ike-config-p1-successIKE daemon configuration load phase-1 succeeded.
    ike-config-p1-abortIKE daemon configuration load phase-1 aborted.
    ike-config-p2-successIKE daemon configuration load phase-2 succeeded.
    ike-nego-p1-fail-pskIKE phase-1 negotiation is failed likely due to pre-shared key mismatch.
    ike-nego-p1-fail-pskIKE phase-1 negotiation is failed likely due to pre-shared key mismatch.
    ike-nego-p1-fail-commonIKE phase-1 negotiation is failed_COMM
    ike-nego-p1-fail-commonIKE phase-1 negotiation is failed_COMM
    ike-nego-p1-fail-commonIKE phase-1 negotiation is failed_COMM
    ikev2-nego-child-ts-badIKEv2 child SA negotiation failed when processing traffic selector.
    ikev2-nego-child-ts-badIKEv2 child SA negotiation failed when processing traffic selector.
    ikev2-send-p1-deleteIKEv2 IKE SA delete message sent to peer.
    ike-nego-p1-fail-commonIKE phase-1 negotiation is failed_COMM
    ikev2-nego-use-v1IKEv1 is used in IKEv2 preferred mode.
    ike-nego-p2-stale-p1Deleting a possible stale phase-1 SA.
    ike-nego-p1-startIKE phase-1 negotiation is started
    ike-nego-p1-failIKE phase-1 negotiation is failed
    ike-nego-p1-succIKE phase-1 negotiation is succeeded
    ike-nego-p1-deleteIKE phase-1 SA is deleted
    ike-nego-p1-expireIKE phase-1 SA is expired
    ike-nego-p2-startIKE phase-2 negotiation is started
    ike-nego-p2-failIKE phase-2 negotiation is failed
    ike-nego-p2-succIKE phase-2 negotiation is succeeded
    ipsec-key-installIPSec key installed.
    ipsec-key-deleteIPSec key deleted.
    ipsec-key-expireIPSec key lifetime expired.
    ike-nego-p2-proxy-id-badIKE phase-2 negotiation failed when processing proxy ID.
    ike-nego-p2-proxy-id-badIKE phase-2 negotiation failed when processing proxy ID.
    ike-nego-p2-no-p1IKE phase-2 negotiation request received but no phase-1 SA is found.
    ike-nego-p2-p1-not-readyIKE phase-2 negotiation request received but no active phase-1 SA is available.
    ike-nego-p2-proposal-badIKE phase-2 negotiation failed when processing SA payload.
    ike-nego-p1-fail-commonIKE phase-1 negotiation is failed_COMM
    ike-nego-p1-psk-idtypeIKE phase-1 negotiation is failed. When pre-shared key is used
    ike-nego-p1-fail-pskIKE phase-1 negotiation is failed likely due to pre-shared key mismatch.
    ike-nego-p1-fail-pskIKE phase-1 negotiation is failed likely due to pre-shared key mismatch.
    ike-recv-notifyIKE protocol notification message received:
    ike-recv-p1-deleteIKE protocol phase-1 SA delete message received from peer.
    ike-recv-p2-deleteIKE protocol IPSec SA delete message received from peer.
    ike-send-p1-deleteIKE protocol phase-1 SA delete message sent to peer.
    ike-send-p2-deleteIKE protocol IPSec SA delete message sent to peer.
    ike-send-notifyIKE protocol notification message sent:
    ike-send-notifyIKE protocol notification message sent:
    ike-send-notifyIKE protocol notification message sent:
    ike-nego-p2-dup-rekeyduplicate phase-2 rekey request detected
    ike-nego-p1-cert-succIKE certificate authentication succeeded.
    ike-nego-p1-fail-pskIKE phase-1 negotiation is failed likely due to pre-shared key mismatch.
    ikev2-nego-cert-succIKEv2 certificate authentication succeeded.
    ikev2-nego-fail-pskIKEv2 SA negotiation is failed likely due to pre-shared key mismatch.
    ikev2-send-p2-deleteIKEv2 IPSec SA delete message sent to peer.
    ikev2-nego-child-failIKEv2 child SA negotiation is failed
    ikev2-nego-child-failIKEv2 child SA negotiation is failed
    ikev2-nego-child-failIKEv2 child SA negotiation is failed
    ikev2-nego-child-failIKEv2 child SA negotiation is failed
    ikev2-nego-stale-p2Deleting a possible stale IKEv2 child SA.
    ikev2-nego-fail-commonIKEv2 SA negotiation is failed.
    ike-recv-notifyIKE protocol notification message received:
    ikev2-recv-p1-deleteIKEv2 IKE SA delete message received from peer.
    ikev2-recv-p2-deleteIKEv2 IPSec SA delete message received from peer.
    ikev2-nego-ike-failIKEv2 IKE SA negotiation is failed
    ikev2-nego-ike-startIKEv2 IKE SA negotiation is started
    ikev2-nego-ike-failIKEv2 IKE SA negotiation is failed
    ikev2-nego-ike-succIKEv2 IKE SA negotiation is succeeded
    ikev2-nego-ike-deleteIKEv2 IKE SA is deleted
    ikev2-nego-ike-expireIKEv2 IKE SA is expired
    ikev2-nego-child-startIKEv2 child SA negotiation is started
    ikev2-nego-child-failIKEv2 child SA negotiation is failed
    ikev2-nego-child-succIKEv2 child SA negotiation is succeeded
    ipsec-key-installIPSec key installed.
    ipsec-key-deleteIPSec key deleted.
    ipsec-key-expireIPSec key lifetime expired.
    ikev2-nego-use-v1IKEv1 is used in IKEv2 preferred mode.
    ike-daemon-initIKE daemon is initializing.
    ike-daemon-startIKE daemon is ready.
    ike-daemon-exitIKE daemon has exited.
    wildfire
    Event IDDescription
    wildfire-no-policyWildFire <name> channel disabled. No active WildFire analysis profile to <name> channel.
    wildfire-auth-failedFailed to verify SSL peer's certificate with the certificate authority
    wildfire-appliance
    Event IDDescription
    cluster-mode-changeCluster mode changed to stand_alone
    cluster-mode-changeCluster mode changed to controller
    cluster-mode-changeCluster mode changed to worker
    cluster-mode-changeCluster mode changed to unknown
    cluster-engine-roleCluster engine started as controller.

    Slog

    • Fan Tray is missing, system will power down in <num> seconds if not replaced.
    • <entry> is not present on startup
    • Freeing slot <id>, uid <id> with Force
    • Freeing slot <id>, uid <id> with Non-force
    • Get registration with uid <id> sw_ver <version> slot <id> dp_ip <ip>
    • Allocated slot %d for uid <uid> <id>
    • Device certificate expires in 15 or less days
    • Successfully fetched device certificate from Palo Alto Networks
    • Logd failed to send disconnect to configd for (<id>)
    • Logd blocking customerid (<id>)
    • Logd Unblocking customerid (<id>)
    • Logd failed to send disconnect to configd for (<name>)]
    • Trigger AddrObjRefresh commit for group-mapping
    • Purged mongdb data size (<num> recs) to bring "data size below limit <num>
    • GlobalProtect data file version <version> downloaded from peer device
    • Name resolution takes too long disable name lookup for report <name>
    • Name resolution takes too long disable name for the report <name>
    • The primary user attribute has been changed in one of the group-mapping configuration
    • Captive Portal Client certificate validation failed from <host>. no certificate.
    • Captive Portal Client certificate validation failed from <host<. Certificate does not belong to the Cert Profile chain
    • Captive Portal Client certificate verification for OSCP/CRL failed from <host>.
    • Captive Portal Client certificate is not yet active from <host>.
    • Captive Portal Client certificate has expired from <host>.
    • Captive Portal client certificate authentication successful from <host>
    • <type> authentication succeeded for user: <name> on <host> vsys<id>
    • <type> renew from session cookie for user: <user> on <addr> vsys<id>
    • <type> NTLM authentication failed for user: <user> on <addr> vsys<id>
    • <type> NTLM authentication succeeded for user: <user> on <addr> vsys<id>
    • <type> authentication failed (INVALID) for user: <user> on <ip> vsys<id>
    • <type> authentication failed for user: <name> on <ip> vsys<id>
    • <type> authentication succeeded for user: <name> on <ip> vsys<id>
    • Logd received error response code from http service (<num>) msg size <num> customerid <id> logtype <name> num_rec <num>
    • Logdb downgrade started on <serial> slot <id>.
    • Logdb downgrade completed on <serial> slot <id> in <num> days <num> hours <num> minutes <num> secs.
    • Logdb Migration started on <serial> slot <num>
    • Logdb Migration paused on <serial> slot <num>.
    • Logdb Migration abandoned on <serial> slot <id>.
    • Logdb Migration completed on <serial> slot <id>.
    • Test email sent to <name> successfully for email profile <name>
    • Client certificate verification for OSCP/CRL failed from <host>.
    • Client certificate authentication successful from <host>.
    • Client certificate validation failed from <host>. No https is detected.
    • Client certificate validation failed from <host>. No https is detected.
    • Create system logs
    • Create custom system logs
    • Cluster member <id>, <name> successfully updated for <name> and push enqueued with jobid <id>
    • Cluster member <id>, <name> successfully deleted for <name> and push enqueued with jobid <id>
    • successfully connect to %s:%s:%d
    • Failed connect to %s:%s:%d
    • dsc service is started
    • Identity client received malformed policy recommendation.
    • Identity client received policy recommendation error: %v.
    • Identity client received %v policy recommendation.
    • Identity client failed to get policy recommendation.
    • Icd HA state is changed from %d to %d
    • Icd HA better state is changed from %d to %d
    • failed to retrieve source address with error %d"
    • iot-eal service is started
    • icd service is started
    • gRPC connection to %s is broken, error: %v
    • gRPC connection to %s is established, %s -> %s
    • "gRPC connection to %s is broken, error: %s"
    • Cloud Appid feature is disabled
    • Cloud Appid feature is enabled
    • Cloud Appid %s task[%d] completed, new cloud version: %s, %s",
    • Cloud Appid %s task[%d] failed: %v
    • Cloud App: %s data lost some files, %d -> %d
    • Cloud App: check and restore %s data, type %d.

    © 2024 Palo Alto Networks, Inc. All rights reserved.