>
    Critical System Log Messages
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. Monitoring
    4. Use Syslog for Monitoring
    5. Syslog Severity Reference
    6. Critical System Log Messages
    Download PDF

    Critical System Log Messages

    Table of Contents

    Critical System Log Messages

    E-Log

    Log Tags:
    auth
    Event IDMessage
    auth-server-down3 tries to bind back to binddn failed: basedn: <name> ; binddn: <name> ; bind_timelimit <num> ; ip: <ip> ; uri: <url>
    edl-cli-auth-failureEDL server certificate authentication failed. The associated external dynamic list has been removed, which might impact your policy. EDL Name: <name>, EDL Source URL: <url>, CN: <name>, Reason: <reason>
    auth-server-up<name> auth server <name> is up !!!
    auth-server-down<name> auth server <name> is down !!!
    create-admin-acct-errorFailed to create local user account for admin user: <name>
    auth-successWhen authenticating user '<name>' <remotehost>, a less secure authentication method <proto> is used. Please migrate to PEAP or EAP-TTLS. Authentication Profile '<name>', vsys '<name>', Server Profile '<name>', Server Address '<ip>'
    user-password-change-failedWhen authenticating user '<name>' <remotehost>, a less secure authentication method <proto> is used. Please migrate to PEAP or EAP-TTLS. Authentication Profile '<name>', vsys '<name>', Server Profile '<name>', Server Address '<ip>'
    bfd
    Event IDMessage
    session-state-changeBFD state changed to <name> for BFD session <name> to neighbor <name> on interface <name>. Protocol: <name>
    forward-plane-resetBFD forwarding plane reset for BFD session <name> to neighbor <name> on interface <name>. Protocol: <name>
    crypto
    Event IDMessage
    mkey-expiry-reminderMaster key will expire in <num> days <num>h:<num>m:<num>s
    mkey-expiryMaster key expired. Automatically renew master key lifetime enabled. Extend lifetime by <num> days <num> hours
    mkey-expiryMaster key is now expired
    cert-expiryShared certificate <name> and corresponding key have expired
    cert-expiryCertificate <name> and corresponding key in vsys <num> have expired
    HSM-state-changeHSM connectivity is up. Server(s) <ip>
    HSM-state-changeHSM connectivity is down. Server(s) <ip>
    HSM-state-changeHSM connectivity is down.
    deploy-mkey-changeDeploy master-key job was attempted on <num> device(s)
    private-key-exportPrivate key <entry> was exported by user <name>
    mkey-changeMaster key changed by <name>.
    mkey-changeMaster key changed by <name> failed
    mkey-changeMaster key encryption-level changed by <name>
    mkey-changeMaster key encryption-level changed by <name> failed
    dhcp
    Event IDMessage
    if-clearDHCP client cleared IP address on interface:<name> due to: Configuration removed
    if-clearDHCP client cleared IP address on interface:<name> due to: Lease expiry
    if-clearDHCP client cleared IP address on interface:<name> due to: Release trigger
    if-clearDHCP client cleared IP address on interface:<name> due to: All Request retries exhausted.
    if-clearDHCP client cleared IP address on interface:<name> due to: NAK from server
    if-clearDHCP client cleared IP address on interface:<name> due to: Release initiated due to internal error. Please check for duplicate IPs or overlapping Subnets.
    if-clearDHCP client cleared IP address on interface:<name> due to: <reason>
    dynamic-updates
    Event IDMessage
    palo-alto-networks-message<message>
    fips
    Event IDMessage
    fips-selftestFIPS Mode Self-test <description> ..... succeeded
    fips-selftestFIPS-CC Mode Self-test <description> ..... succeeded
    fips-selftestFIPS-CC self-tests failed. Entering error state.
    fips-selftestFIPS-CC self-tests failed. Entering error state.
    fips-entropy-rtciidRTC-IID Persistent Failure - rebooting...
    fips-selftest-timeoutFIPS failure. <description> failed.
    fips-selftest-integFIPS failure. <description> failed.
    fips-selftest-drngFIPS failure. <description> failed.
    fips-selftest-ndrngFIPS failure. <description> failed.
    fips-selftest-shaFIPS failure. <description> failed.
    fips-selftest-hmacFIPS failure. <description> failed.
    fips-selftest-aesFIPS failure. <description> failed.
    fips-selftest-desFIPS failure. <description> failed.
    fips-selftest-rsaFIPS failure. <description> failed.
    fips-selftest-dsaFIPS failure. <description> failed.
    fips-selftest-dh-parameterFIPS failure. <description> failed.
    fips-selftest-dhFIPS failure. <description> failed.
    fips-selftest-cmacFIPS failure. <description> failed.
    fips-selftest-drbgFIPS failure. <description> failed.
    fips-selftest-ecdsaFIPS failure. <description> failed.
    fips-selftest-ecdhFIPS failure. <description> failed.
    fips-selftest-timeoutFIPS-CC failure. <description> failed.
    fips-selftest-integFIPS-CC failure. <description> failed.
    fips-selftest-drngFIPS-CC failure. <description> failed.
    fips-selftest-ndrngFIPS-CC failure. <description> failed.
    fips-selftest-shaFIPS-CC failure. <description> failed.
    fips-selftest-hmacFIPS-CC failure. <description> failed.
    fips-selftest-aesFIPS-CC failure. <description> failed.
    fips-selftest-desFIPS-CC failure. <description> failed.
    fips-selftest-rsaFIPS-CC failure. <description> failed.
    fips-selftest-dsaFIPS-CC failure. <description> failed.
    fips-selftest-dh-parameterFIPS-CC failure. <description> failed.
    fips-selftest-dhFIPS-CC failure. <description> failed.
    fips-selftest-cmacFIPS-CC failure. <description> failed.
    fips-selftest-drbgFIPS-CC failure. <description> failed.
    fips-selftest-ecdsaFIPS-CC failure. <description> failed.
    fips-selftest-ecdhFIPS-CC failure. <description> failed.
    fips-selftest-core<num> of <num> dataplane processor cores failed verification.
    general
    Event IDMessage
    generalSlot s<num>: Check/fix volume 'appinfo' path didn't find expected dir.
    gre
    Event IDMessage
    tunnel-recur-routingTunnel intf: <name> is going down due to recursive routing
    tunnel-status-downTunnel <name> is going down due to tunnel monitoring failed
    tunnel-status-upTunnel <name> is going up
    hw
    Event IDMessage
    fan-failureAlarm on Fan Tray #<num>
    ps-failureAlarm on Power Supply #<num>
    Content Engine FailureCE10 init failed.
    Content Engine FailureCA1 init failed.
    insufficient-powerDP power status is bad, shutting system down!
    insufficient-powerCP power status is bad!
    ipv6nd
    Event IDMessage
    duplicated-IPv6-address-foundIPv6 address <address> on interface <name> is duplicate. IPv6 disabled on the interface.
    duplicated-IPv6-address-foundIPv6 address <address> on interface <name> is duplicate. Address disabled.
    lacp
    Event IDMessage
    lacp-upLACP interface <name> moved into AE-group <name>.
    nego-failLACP interface <name> moved out of AE-group <name. Selection state <state>
    lost-connectivityLACP interface <name> moved out of AE-group <name>(lost connectivity to existing peer. Last connected peer port number <port>)
    unresponsiveLACP interface <name> moved out of AE-group <name>(peer is not responding to new LACP connection)
    speed-duplexLACP interface <name> moved out of AE-group <name>. Selection state <state>
    link-downLACP interface <name> moved out of AE-group <name>. Selection state <state>
    link-downLACP interface <name> moved out of AE-group <name>(link-state was manually configured to down)
    nego-failLACP interface <name> moved out of AE-group <name>. Selection state <state>
    lacp-downLACP interface <name> moved out of AE-group <name>. Selection state <state>
    panorama-check
    Event IDMessage
    panorama-check-testPanorama connectivity check for <name> failed. Reason: <reason>
    panorama-check-testPanorama connectivity check for <name> failed. Reason: <reason>
    pbf
    Event IDMessage
    pbf-fqdn-downVsys <id> PBF rule <name> nexthop FQDN <key> is unresolved for IPv4
    pbf-fqdn-downVsys <id> PBF rule <name> nexthop FQDN <key> is unresolved for IPv6
    pbf-fqdn-downVsys <id> PBF rule <name> nexthop FQDN <key> resolved IP <ip> is not in same subnet as interface IP. It will not be used as FQDN nexthop.
    raid
    Event IDMessage
    pair-disappearedNo Logging Raid Disk Pair Available Notifying HA
    pair-detectedNo Logging Raid Disk Pair Available Notifying HA
    routing
    Event IDMessage
    routed-static-fqdn-downRouted static fqdn mapping is unresolved
    routed-bgp-fqdn-downRouted BGP fqdn mapping is unresolved
    path-monitor-recoveryPath monitoring for static route destination <ip> with next hop <name> recovered. Route restored.
    path-monitor-failurePath monitoring failed for static route destination <ip> with next hop <name>. Route removed.
    satd
    Event IDMessage
    satd-portal-connect-failedGlobalProtect Satellite connection to portal failed.
    satd-gateway-connect-failedGlobalProtect Satellite connection to gateway failed.
    sdwan
    Event IDMessage
    sdwan-vif-status-up<vif> is up
    sdwan-vif-status-down<vif> is down
    tls
    Event IDMessage
    panos-auth-failureRADIUS server certification failed. Server: <name>; CRL/OCSP failed, <reason>
    tls-edl-auth-failureEDL server certificate authentication failed. A local copy of associated external dynamic list will be used, so it won't impact your policy. EDL Name: <name>, EDL Source URL: <url>, CN: <name>, Reason: <reason>
    tls-edl-auth-failureEDL server certificate authentication failed. The associated external dynamic list has been removed, which might impact your policy. EDL Name: <name>, EDL Source URL: <url>, CN: <name>, Reason: CRL/OCSP check failed, <reason>
    panos-auth-failure<name> Server CN: <name> Failed to establish connection due to <error>
    panorama-auth-failureClient authentication failed <error> PAN-OS ver: <version> Panorama ver:<version> Client IP: <ip> Server IP: <ip> Client cert CN: <name>
    panorama-auth-failureClient identity check failed. PAN-OS ver: <version> Panorama ver: <version> Client IP: <ip> Server IP: <ip> Client Cert CN: <name>
    tls-X509-ocsp-crl-check-failedConnection to HTTP server(<host>) failed due to server certificate: '<name>' is <reason>
    tls-X509-validation-failedHTTP server certificate validation failed. Host: <host>, CN: <name>, Reason: <reason>
    mfa-auth-failureMFA server certification failed. Server: <name>; CRL/OCSP failed, <reason>
    mfa-auth-failureMFA: server certificate validation failed. Peer: '<name>' Vsys: <id> (<id>:<error>)
    panorama-auth-failureClient authentication failed <error> Client IP: <ip>:<port> Server IP: <ip>:<port> Client cert CN: <name>
    tls-X509-ocsp-crl-check-failedConnection to EMAIL server(<host>) failed due to server certificate: '<subject>' is <reason>
    tls-X509-validation-failedEMAIL server certificate validation failed. Host: <host>, CN: <name>, Reason: <reason>
    url-filtering
    Event IDMessage
    no-url-databaseNo URL database! Please download one from 'dynamic update page'
    seed-out-of-syncPAN-DB seed is out of sync Download of a new seed is required!!!
    startup-failureFailed to construct the URL DB!
    userid
    Event IDMessage
    registered-ip-max-platform-limit-exceededmax registered-ip for the platform reached (<num>)
    registered-ip-update-failurefail to integrate the update of registered ip addresses since <num> seconds ago
    registered-ip-update-failurefail to sync the update of registered ip addresses
    registered-ip-update-failureNSX initial sync request for ip-tag mappings failed after <num> times retry. Suggest a manual sync from panorama.
    registered-ip-update-failurefail to sync the update of registered ip addresses
    registered-user-max-platform-limit-exceededlimitation of total registered-user reached (<num>)
    agent-version-mismatchDevice requires protocol ver. <num> "but <name> supports only ver. <num>
    uuid
    Event IDMessage
    policy-rule-uuid-modifiedPolicy Rules UUIDs are modified by load using 'Regenerate Rule UUIDs for selected named configuration' option
    vm
    Event IDMessage
    dvf-init-failVMware dvfilter init failed <status> <id>
    dvf-init-failVMware dvfilter init dev failed <status> devId <id> status <id>
    vpn
    Event IDMessage
    ikev2-nego-cert-id-mismatchIKEv2 SA negotiation failed.
    ike-nego-p1-fail-commonIKE phase-1 negotiation is failed_COMM
    ikev2-nego-ike-failIKEv2 IKE SA negotiation is failed
    tunnel-status-upTunnel <name> (id:<id>, peer: <peer>) is up
    tunnel-status-downTunnel <name> (id:<id>, peer: <peer>) is down
    tunnel-status-upTunnel <name> is up
    tunnel-status-downTunnel <name> is down
    wildfire-appliance
    Event IDMessage
    cluster-entered-split-brainCluster enters split-brain mode.
    cluster-entered-split-brainCluster leaves split-brain mode.
    cluster-entered-split-brainCluster leaves split-brain mode.

    Slog

    • Chassis Master Alarm: Cleared
    • Chassis Master Alarm: <name>
    • Fan Tray <id>, Fan <id> failed!
    • Fan Zone <id> failed, shutting down!
    • Fan Tray <id>, Fan <id> failed!
    • Fan Zone <id> failed shutting down!
    • System is powering itself down due to missing fan tray.
    • No Raid Disk Pair Available, rebooting!
    • Thermal alarm on slot <id>
    • Shutting down system for thermal temperature.
    • Shutting down the system for slot <id> thermal temperature.
    • Shutting down slot <id> for thermal temperature.
    • SW version doesn't match, MP software version <version>, DP software version <version>
    • Release slot failed.
    • Slot allocation failed
    • Successfully renewed device certificate
    • Successfully removed device certificate
    • Out of memory condition detected, kill process <id>
    • Device certificate status: <num>. It cannot be renewed
    • LP shmgr memory map is out of sync
    • intelligent-traffic-offload license expired
    • User-ID manager was reset. Commit is required to reinitialize User-ID
    • Traffic and logging resumed
    • Traffic and logging suspended due to unexported logs
    • Traffic and logging are suspended since traffic-stop-on-logdb-full feature has been enabled
    • Audit storage for <name> logs is full. No new traffic sessions will be accepted until disk space is freed up
    • Minimum Retention Period (<num> days) Violated for segnum:<num> type:<name>

    © 2024 Palo Alto Networks, Inc. All rights reserved.