Critical System Log Messages
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
Critical System Log Messages
E-Log
Log Tags:
- auth
- bfd
- crypto
- dhcp
- dynamic-updates
- fips
- general
- gre
- hw
- ipv6nd
- lacp
- panorama-check
- pbf
- raid
- routing
- satd
- sdwan
- tls
- url-filtering
- userid
- uuid
- vm
- vpn
- wildfire-appliance
auth
Event ID | Message |
---|---|
auth-server-down | 3 tries to bind back to binddn failed: basedn: <name> ; binddn: <name> ; bind_timelimit <num> ; ip: <ip> ; uri: <url> |
edl-cli-auth-failure | EDL server certificate authentication failed. The associated external dynamic list has been removed, which might impact your policy. EDL Name: <name>, EDL Source URL: <url>, CN: <name>, Reason: <reason> |
auth-server-up | <name> auth server <name> is up !!! |
auth-server-down | <name> auth server <name> is down !!! |
create-admin-acct-error | Failed to create local user account for admin user: <name> |
auth-success | When authenticating user '<name>' <remotehost>, a less secure authentication method <proto> is used. Please migrate to PEAP or EAP-TTLS. Authentication Profile '<name>', vsys '<name>', Server Profile '<name>', Server Address '<ip>' |
user-password-change-failed | When authenticating user '<name>' <remotehost>, a less secure authentication method <proto> is used. Please migrate to PEAP or EAP-TTLS. Authentication Profile '<name>', vsys '<name>', Server Profile '<name>', Server Address '<ip>' |
bfd
Event ID | Message |
---|---|
session-state-change | BFD state changed to <name> for BFD session <name> to neighbor <name> on interface <name>. Protocol: <name> |
forward-plane-reset | BFD forwarding plane reset for BFD session <name> to neighbor <name> on interface <name>. Protocol: <name> |
crypto
Event ID | Message |
---|---|
mkey-expiry-reminder | Master key will expire in <num> days <num>h:<num>m:<num>s |
mkey-expiry | Master key expired. Automatically renew master key lifetime enabled. Extend lifetime by <num> days <num> hours |
mkey-expiry | Master key is now expired |
cert-expiry | Shared certificate <name> and corresponding key have expired |
cert-expiry | Certificate <name> and corresponding key in vsys <num> have expired |
HSM-state-change | HSM connectivity is up. Server(s) <ip> |
HSM-state-change | HSM connectivity is down. Server(s) <ip> |
HSM-state-change | HSM connectivity is down. |
deploy-mkey-change | Deploy master-key job was attempted on <num> device(s) |
private-key-export | Private key <entry> was exported by user <name> |
mkey-change | Master key changed by <name>. |
mkey-change | Master key changed by <name> failed |
mkey-change | Master key encryption-level changed by <name> |
mkey-change | Master key encryption-level changed by <name> failed |
dhcp
Event ID | Message |
---|---|
if-clear | DHCP client cleared IP address on interface:<name> due to: Configuration removed |
if-clear | DHCP client cleared IP address on interface:<name> due to: Lease expiry |
if-clear | DHCP client cleared IP address on interface:<name> due to: Release trigger |
if-clear | DHCP client cleared IP address on interface:<name> due to: All Request retries exhausted. |
if-clear | DHCP client cleared IP address on interface:<name> due to: NAK from server |
if-clear | DHCP client cleared IP address on interface:<name> due to: Release initiated due to internal error. Please check for duplicate IPs or overlapping Subnets. |
if-clear | DHCP client cleared IP address on interface:<name> due to: <reason> |
dynamic-updates
Event ID | Message |
---|---|
palo-alto-networks-message | <message> |
fips
Event ID | Message |
---|---|
fips-selftest | FIPS Mode Self-test <description> ..... succeeded |
fips-selftest | FIPS-CC Mode Self-test <description> ..... succeeded |
fips-selftest | FIPS-CC self-tests failed. Entering error state. |
fips-selftest | FIPS-CC self-tests failed. Entering error state. |
fips-entropy-rtciid | RTC-IID Persistent Failure - rebooting... |
fips-selftest-timeout | FIPS failure. <description> failed. |
fips-selftest-integ | FIPS failure. <description> failed. |
fips-selftest-drng | FIPS failure. <description> failed. |
fips-selftest-ndrng | FIPS failure. <description> failed. |
fips-selftest-sha | FIPS failure. <description> failed. |
fips-selftest-hmac | FIPS failure. <description> failed. |
fips-selftest-aes | FIPS failure. <description> failed. |
fips-selftest-des | FIPS failure. <description> failed. |
fips-selftest-rsa | FIPS failure. <description> failed. |
fips-selftest-dsa | FIPS failure. <description> failed. |
fips-selftest-dh-parameter | FIPS failure. <description> failed. |
fips-selftest-dh | FIPS failure. <description> failed. |
fips-selftest-cmac | FIPS failure. <description> failed. |
fips-selftest-drbg | FIPS failure. <description> failed. |
fips-selftest-ecdsa | FIPS failure. <description> failed. |
fips-selftest-ecdh | FIPS failure. <description> failed. |
fips-selftest-timeout | FIPS-CC failure. <description> failed. |
fips-selftest-integ | FIPS-CC failure. <description> failed. |
fips-selftest-drng | FIPS-CC failure. <description> failed. |
fips-selftest-ndrng | FIPS-CC failure. <description> failed. |
fips-selftest-sha | FIPS-CC failure. <description> failed. |
fips-selftest-hmac | FIPS-CC failure. <description> failed. |
fips-selftest-aes | FIPS-CC failure. <description> failed. |
fips-selftest-des | FIPS-CC failure. <description> failed. |
fips-selftest-rsa | FIPS-CC failure. <description> failed. |
fips-selftest-dsa | FIPS-CC failure. <description> failed. |
fips-selftest-dh-parameter | FIPS-CC failure. <description> failed. |
fips-selftest-dh | FIPS-CC failure. <description> failed. |
fips-selftest-cmac | FIPS-CC failure. <description> failed. |
fips-selftest-drbg | FIPS-CC failure. <description> failed. |
fips-selftest-ecdsa | FIPS-CC failure. <description> failed. |
fips-selftest-ecdh | FIPS-CC failure. <description> failed. |
fips-selftest-core | <num> of <num> dataplane processor cores failed verification. |
general
Event ID | Message |
---|---|
general | Slot s<num>: Check/fix volume 'appinfo' path didn't find expected dir. |
gre
Event ID | Message |
---|---|
tunnel-recur-routing | Tunnel intf: <name> is going down due to recursive routing |
tunnel-status-down | Tunnel <name> is going down due to tunnel monitoring failed |
tunnel-status-up | Tunnel <name> is going up |
hw
Event ID | Message |
---|---|
fan-failure | Alarm on Fan Tray #<num> |
ps-failure | Alarm on Power Supply #<num> |
Content Engine Failure | CE10 init failed. |
Content Engine Failure | CA1 init failed. |
insufficient-power | DP power status is bad, shutting system down! |
insufficient-power | CP power status is bad! |
ipv6nd
Event ID | Message |
---|---|
duplicated-IPv6-address-found | IPv6 address <address> on interface <name> is duplicate. IPv6 disabled on the interface. |
duplicated-IPv6-address-found | IPv6 address <address> on interface <name> is duplicate. Address disabled. |
lacp
Event ID | Message |
---|---|
lacp-up | LACP interface <name> moved into AE-group <name>. |
nego-fail | LACP interface <name> moved out of AE-group <name. Selection state <state> |
lost-connectivity | LACP interface <name> moved out of AE-group <name>(lost connectivity to existing peer. Last connected peer port number <port>) |
unresponsive | LACP interface <name> moved out of AE-group <name>(peer is not responding to new LACP connection) |
speed-duplex | LACP interface <name> moved out of AE-group <name>. Selection state <state> |
link-down | LACP interface <name> moved out of AE-group <name>. Selection state <state> |
link-down | LACP interface <name> moved out of AE-group <name>(link-state was manually configured to down) |
nego-fail | LACP interface <name> moved out of AE-group <name>. Selection state <state> |
lacp-down | LACP interface <name> moved out of AE-group <name>. Selection state <state> |
panorama-check
Event ID | Message |
---|---|
panorama-check-test | Panorama connectivity check for <name> failed. Reason: <reason> |
panorama-check-test | Panorama connectivity check for <name> failed. Reason: <reason> |
pbf
Event ID | Message |
---|---|
pbf-fqdn-down | Vsys <id> PBF rule <name> nexthop FQDN <key> is unresolved for IPv4 |
pbf-fqdn-down | Vsys <id> PBF rule <name> nexthop FQDN <key> is unresolved for IPv6 |
pbf-fqdn-down | Vsys <id> PBF rule <name> nexthop FQDN <key> resolved IP <ip> is not in same subnet as interface IP. It will not be used as FQDN nexthop. |
raid
Event ID | Message |
---|---|
pair-disappeared | No Logging Raid Disk Pair Available Notifying HA |
pair-detected | No Logging Raid Disk Pair Available Notifying HA |
routing
Event ID | Message |
---|---|
routed-static-fqdn-down | Routed static fqdn mapping is unresolved |
routed-bgp-fqdn-down | Routed BGP fqdn mapping is unresolved |
path-monitor-recovery | Path monitoring for static route destination <ip> with next hop <name> recovered. Route restored. |
path-monitor-failure | Path monitoring failed for static route destination <ip> with next hop <name>. Route removed. |
satd
Event ID | Message |
---|---|
satd-portal-connect-failed | GlobalProtect Satellite connection to portal failed. |
satd-gateway-connect-failed | GlobalProtect Satellite connection to gateway failed. |
sdwan
Event ID | Message |
---|---|
sdwan-vif-status-up | <vif> is up |
sdwan-vif-status-down | <vif> is down |
tls
Event ID | Message |
---|---|
panos-auth-failure | RADIUS server certification failed. Server: <name>; CRL/OCSP failed, <reason> |
tls-edl-auth-failure | EDL server certificate authentication failed. A local copy of associated external dynamic list will be used, so it won't impact your policy. EDL Name: <name>, EDL Source URL: <url>, CN: <name>, Reason: <reason> |
tls-edl-auth-failure | EDL server certificate authentication failed. The associated external dynamic list has been removed, which might impact your policy. EDL Name: <name>, EDL Source URL: <url>, CN: <name>, Reason: CRL/OCSP check failed, <reason> |
panos-auth-failure | <name> Server CN: <name> Failed to establish connection due to <error> |
panorama-auth-failure | Client authentication failed <error> PAN-OS ver: <version> Panorama ver:<version> Client IP: <ip> Server IP: <ip> Client cert CN: <name> |
panorama-auth-failure | Client identity check failed. PAN-OS ver: <version> Panorama ver: <version> Client IP: <ip> Server IP: <ip> Client Cert CN: <name> |
tls-X509-ocsp-crl-check-failed | Connection to HTTP server(<host>) failed due to server certificate: '<name>' is <reason> |
tls-X509-validation-failed | HTTP server certificate validation failed. Host: <host>, CN: <name>, Reason: <reason> |
mfa-auth-failure | MFA server certification failed. Server: <name>; CRL/OCSP failed, <reason> |
mfa-auth-failure | MFA: server certificate validation failed. Peer: '<name>' Vsys: <id> (<id>:<error>) |
panorama-auth-failure | Client authentication failed <error> Client IP: <ip>:<port> Server IP: <ip>:<port> Client cert CN: <name> |
tls-X509-ocsp-crl-check-failed | Connection to EMAIL server(<host>) failed due to server certificate: '<subject>' is <reason> |
tls-X509-validation-failed | EMAIL server certificate validation failed. Host: <host>, CN: <name>, Reason: <reason> |
url-filtering
Event ID | Message |
---|---|
no-url-database | No URL database! Please download one from 'dynamic update page' |
seed-out-of-sync | PAN-DB seed is out of sync Download of a new seed is required!!! |
startup-failure | Failed to construct the URL DB! |
userid
Event ID | Message |
---|---|
registered-ip-max-platform-limit-exceeded | max registered-ip for the platform reached (<num>) |
registered-ip-update-failure | fail to integrate the update of registered ip addresses since <num> seconds ago |
registered-ip-update-failure | fail to sync the update of registered ip addresses |
registered-ip-update-failure | NSX initial sync request for ip-tag mappings failed after <num> times retry. Suggest a manual sync from panorama. |
registered-ip-update-failure | fail to sync the update of registered ip addresses |
registered-user-max-platform-limit-exceeded | limitation of total registered-user reached (<num>) |
agent-version-mismatch | Device requires protocol ver. <num> "but <name> supports only ver. <num> |
uuid
Event ID | Message |
---|---|
policy-rule-uuid-modified | Policy Rules UUIDs are modified by load using 'Regenerate Rule UUIDs for selected named configuration' option |
vm
Event ID | Message |
---|---|
dvf-init-fail | VMware dvfilter init failed <status> <id> |
dvf-init-fail | VMware dvfilter init dev failed <status> devId <id> status <id> |
vpn
Event ID | Message |
---|---|
ikev2-nego-cert-id-mismatch | IKEv2 SA negotiation failed. |
ike-nego-p1-fail-common | IKE phase-1 negotiation is failed_COMM |
ikev2-nego-ike-fail | IKEv2 IKE SA negotiation is failed |
tunnel-status-up | Tunnel <name> (id:<id>, peer: <peer>) is up |
tunnel-status-down | Tunnel <name> (id:<id>, peer: <peer>) is down |
tunnel-status-up | Tunnel <name> is up |
tunnel-status-down | Tunnel <name> is down |
wildfire-appliance
Event ID | Message |
---|---|
cluster-entered-split-brain | Cluster enters split-brain mode. |
cluster-entered-split-brain | Cluster leaves split-brain mode. |
cluster-entered-split-brain | Cluster leaves split-brain mode. |
Slog
- Chassis Master Alarm: Cleared
- Chassis Master Alarm: <name>
- Fan Tray <id>, Fan <id> failed!
- Fan Zone <id> failed, shutting down!
- Fan Tray <id>, Fan <id> failed!
- Fan Zone <id> failed shutting down!
- System is powering itself down due to missing fan tray.
- No Raid Disk Pair Available, rebooting!
- Thermal alarm on slot <id>
- Shutting down system for thermal temperature.
- Shutting down the system for slot <id> thermal temperature.
- Shutting down slot <id> for thermal temperature.
- SW version doesn't match, MP software version <version>, DP software version <version>
- Release slot failed.
- Slot allocation failed
- Successfully renewed device certificate
- Successfully removed device certificate
- Out of memory condition detected, kill process <id>
- Device certificate status: <num>. It cannot be renewed
- LP shmgr memory map is out of sync
- intelligent-traffic-offload license expired
- User-ID manager was reset. Commit is required to reinitialize User-ID
- Traffic and logging resumed
- Traffic and logging suspended due to unexported logs
- Traffic and logging are suspended since traffic-stop-on-logdb-full feature has been enabled
- Audit storage for <name> logs is full. No new traffic sessions will be accepted until disk space is freed up
- Minimum Retention Period (<num> days) Violated for segnum:<num> type:<name>