paloaltonetworks:logs:syslog:general

Differences

This shows you the differences between two versions of the page.

paloaltonetworks:logs:syslog:general [2020/09/15 16:03] – [Medium] bstaffordpaloaltonetworks:logs:syslog:general [2022/11/23 12:49] (current) – external edit 127.0.0.1
Line 8: Line 8:
 <code>( subtype eq general ) and ( severity eq informational ) and ( eventid eq general )</code> <code>( subtype eq general ) and ( severity eq informational ) and ( eventid eq general )</code>
 However, it is important to remember that if no description was included then the output will look like However, it is important to remember that if no description was included then the output will look like
-<code><code>( description contains 'Commit job started processing. Dequeue time=2020/09/03 17:31:26. JobId=85587.User: jbloggs' )</code>+<code>( description contains 'Commit job started processing. Dequeue time=2020/09/03 17:31:26. JobId=85587.User: jbloggs' )</code>
  
 ===== System Start and Shutdown ===== ===== System Start and Shutdown =====
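Review bot: the example filter on the changed line pins a full timestamp, job id and user name (`Dequeue time=2020/09/03 17:31:26. JobId=85587.User: jbloggs`), so as written it matches a single commit event. Consider showing the reusable form, such as `description contains 'Commit job started processing'`, and marking the rest as sample values. The lead-in sentence also says "the output will look like" while the block that follows is a filter rather than log output; one of the two should change.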
Line 26: Line 26:
 <code>( eventid eq general ) and ( description contains 'License for feature pan-url-filtering will expire on 2019/11/13' )</code> <code>( eventid eq general ) and ( description contains 'License for feature pan-url-filtering will expire on 2019/11/13' )</code>
 <code>( eventid eq general ) and ( description contains 'License for feature wildfire will expire on 2019/11/13' )</code> <code>( eventid eq general ) and ( description contains 'License for feature wildfire will expire on 2019/11/13' )</code>
 +<code>( eventid eq general ) and ( description contains 'License for feature dns-security will expire on 2019/11/13' )</code>
 +<code>( eventid eq general ) and ( description contains 'License for feature sd-wan will expire on 2019/11/13' )</code>
 <code>( eventid eq general ) and ( description contains 'Out of memory condition detected, kill process 1' )</code> <code>( eventid eq general ) and ( description contains 'Out of memory condition detected, kill process 1' )</code>
 <code>( eventid eq general ) and ( description contains 'WildFire update job failed  for user Auto update agent' )</code> <code>( eventid eq general ) and ( description contains 'WildFire update job failed  for user Auto update agent' )</code>
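Review bot: both added license filters carry the literal expiry date `2019/11/13`, the same value as the pan-url-filtering and wildfire lines above them, so a reader who pastes them will match nothing on a device whose license expires on any other date. Suggest truncating to `'License for feature dns-security will expire on'` (and likewise for sd-wan), or stating on the page that the date is a sample value.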
Line 133: Line 135:
 <code>( eventid eq general ) and ( description contains 'HA state set to functional by admin' )</code> <code>( eventid eq general ) and ( description contains 'HA state set to functional by admin' )</code>
 <code>( eventid eq general ) and ( description contains 'Failed to email PDF reports to \'username1@example.com\' \'username2@example.com\' \'username3@example.com\' for email profile exn-email-server' )</code> <code>( eventid eq general ) and ( description contains 'Failed to email PDF reports to \'username1@example.com\' \'username2@example.com\' \'username3@example.com\' for email profile exn-email-server' )</code>
 +<code>( eventid eq general ) and ( description contains 'mail send: response timed-out' )</code>
 +<code>( eventid eq general ) and ( description contains 'mail send: Socket timeout. host=mail.example.com' )</code>
 +<code>( eventid eq general ) and ( description contains 'Configuration partition has exceeded 90 percent of the capacity' )</code>
  
 ===== Low ====== ===== Low ======
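Review bot: the added `Configuration partition has exceeded 90 percent of the capacity` filter hard-codes the percentage; if the message is emitted with any other percentage, those events will not match. Matching on `'Configuration partition has exceeded'` would cover them. Separately, the context heading `===== Low ======` has five `=` on one side and six on the other, unlike `===== System Start and Shutdown =====`; worth fixing while editing this section.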
Line 313: Line 318:
 <code>( eventid eq general ) and ( description contains 'running configuration synchronized with HA peer by admin' )</code> <code>( eventid eq general ) and ( description contains 'running configuration synchronized with HA peer by admin' )</code>
 <code>( eventid eq general ) and ( description contains 'Session for user svc_ossec via CLI from 192.168.1.1 timed out' )</code> <code>( eventid eq general ) and ( description contains 'Session for user svc_ossec via CLI from 192.168.1.1 timed out' )</code>
-<code>( eventid eq general ) and ( description contains 'Succeeded exporting config bundle via ssh to 192.168.1.1. This system is for the use of authorized users only.     ..Individuals using this computer system without authority,..or in excess of their authority, are subject to having   ..all of their activities on this system monitored and     ..recorded by system personnel.....In the course of monitoring individuals improperly using ..this system, or in the course of system maintenance, the ..activities of authorized users may also be monitored.....Anyone ' )</code>+<code>( eventid eq general ) and ( description contains 'Succeeded exporting config bundle via ssh to 192.168.1.1' )</code>
 <code>( eventid eq general ) and ( description contains 'Succeeded exporting traffic log via ssh (last-calendar-day) to 192.168.1.1' )</code> <code>( eventid eq general ) and ( description contains 'Succeeded exporting traffic log via ssh (last-calendar-day) to 192.168.1.1' )</code>
 <code>( eventid eq general ) and ( description contains 'Succeeded marking traffic log as exported' )</code> <code>( eventid eq general ) and ( description contains 'Succeeded marking traffic log as exported' )</code>
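Review bot: missing documentation for why the config-bundle export filter was shortened. The removed line shows a login banner appended to the description after `192.168.1.1`, and the old value ended mid-sentence at `Anyone `, so it appears to have been cut off. A one-line note beside this filter saying that the description can carry banner text after the address, and that the match should stop at the address, would keep the next editor from pasting a full description again.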
paloaltonetworks/logs/syslog/general.1600185827.txt.gz · Last modified: (external edit)