Differences

This shows you the differences between two versions of the page.

--- paloaltonetworks:logs:syslog:ha [2020/06/04 07:59] – created bstafford
+++ paloaltonetworks:logs:syslog:ha [2022/11/23 12:49] (current) – external edit 127.0.0.1
@@ Line 2: / Line 2: @@
 ===== Critical ======
-<code>( subtype eq vpn ) and ( severity eq critical )</code>
+<code>( subtype eq ha ) and ( severity eq critical )</code>
-<code>( eventid eq connect-change ) and ( description contains 'HA1 connection down' ) [Panorama]
+Panorama
-<code>( eventid eq connect-change ) and ( description contains 'HA Group 1: HA1 connection down' ) [Firewall]
+<code>( eventid eq connect-change ) and ( description contains 'HA1 connection down' )</code>
+Firewall
+<code>( eventid eq dataplane-down ) and ( description contains 'HA Group 1: Dataplane is down: too many dataplane processes exited' )</code>
+<code>( eventid eq dataplane-down ) and ( description contains 'HA Group 1: Dataplane is down: dataplane exit failure' )</code>
+<code>( eventid eq connect-change ) and ( description contains 'HA Group 1: HA1 connection down' )</code>
 <code>( eventid eq connect-change ) and ( description contains 'HA Group 1: Control link running on HA1-Backup connection' )</code>
 <code>( eventid eq connect-change ) and ( description contains 'HA Group 1: All HA1 connections down' )</code>
@@ Line 10: / Line 14: @@
 <code>( eventid eq state-change ) and ( description contains 'HA Group 1: Moved from state Active-Primary to state Non-Functional' )</code>
 <code>( eventid eq state-change ) and ( description contains 'HA Group 1: Moved from state Active-Secondary to state Non-Functional' )</code>
-<code>( eventid eq state-override ) and ( description contains 'HA peer determined to be Active through managed devices; staying in Passive state' ) [Panorama Secondary]
+Panorama Secondary
-<code>( eventid eq state-override ) and ( description contains 'HA peer determined to be Active through managed devices; going to Passive state' ) [Panorama Secondary]
+<code>( eventid eq state-override ) and ( description contains 'HA peer determined to be Active through managed devices; staying in Passive state' )</code>
-<code>( eventid eq split-brain ) and ( description contains 'HA Group 1: Going to Active-Secondary state due to split-brain recovery (split-brain duration: 448s)' ) [Firewall Active Secondary]
+Panorama Secondary
-<code>( eventid eq split-brain ) and ( description contains 'Going to Passive state due to split-brain recovery (split-brain duration: 4s)' ) [Panorama Secondary]
+<code>( eventid eq state-override ) and ( description contains 'HA peer determined to be Active through managed devices; going to Passive state' )</code>
-<code>( eventid eq peer-split-brain ) and ( description contains 'Staying in Active state after split-brain recovery (split-brain duration: 5979s)' ) [Panorama Primary]
+Firewall Active Secondary
-<code>( eventid eq peer-split-brain ) and ( description contains 'HA Group 1: Staying in Active-Primary state after split-brain recovery (split-brain duration: 6s)' ) [Firewall Primary]
+<code>( eventid eq split-brain ) and ( description contains 'HA Group 1: Going to Active-Secondary state due to split-brain recovery (split-brain duration: 448s)' )</code>
+Panorama Secondary
+<code>( eventid eq split-brain ) and ( description contains 'Going to Passive state due to split-brain recovery (split-brain duration: 4s)' )</code>
+Panorama Primary
+<code>( eventid eq peer-split-brain ) and ( description contains 'Staying in Active state after split-brain recovery (split-brain duration: 5979s)' )</code>
+Firewall Primary
+<code>( eventid eq peer-split-brain ) and ( description contains 'HA Group 1: Staying in Active-Primary state after split-brain recovery (split-brain duration: 6s)' )</code>
 <code>( eventid eq peer-sync-failure ) and ( description contains 'HA Group 1: Can\'t synchronize control plane data; some state may be lost on switchover' )</code>
-<code>( eventid eq peer-compat-mismatch ) and ( description contains 'HA Group 1: Peer device session load sharing configuration not matching' ) [Firewall Secondary]
+Firewall Secondary
+<code>( eventid eq peer-compat-mismatch ) and ( description contains 'HA Group 1: Peer device session load sharing configuration not matching' )</code>
 <code>( eventid eq ha2-keep-alive ) and ( description contains 'HA Group 1: Local HA2 keep-alive down' )</code>
 <code>( eventid eq ha2-keep-alive ) and ( description contains 'HA Group 1: All HA2 keep-alives are down; ignoring failure in HA2-keep-alive monitor hold' )</code>
@@ Line 31: / Line 42: @@
 ===== High ======
-<code>( subtype eq vpn ) and ( severity eq high )</code>
+<code>( subtype eq ha ) and ( severity eq high )</code>
 <code>( eventid eq ha1-link-change ) and ( description contains 'HA1-Backup link down' )</code>
 <code>( eventid eq ha1-link-change ) and ( description contains 'HA1-Backup peer link down' )</code>
@@ Line 49: / Line 60: @@
 ===== Informational ======
-<code>( subtype eq vpn ) and ( severity eq informational )</code>
+<code>( subtype eq ha ) and ( severity eq informational )</code>
 <code>( eventid eq state-change ) and ( description contains 'Moved from state Initial to state Active' )</code>
@@ Line 79: / Line 90: @@
 <code>( eventid eq peer-version-match ) and ( description contains 'Build Release version now matches' )</code>
 <code>( eventid eq peer-version-match ) and ( description contains 'Peer device running a compatibile but different version 8.1.10' )</code>
-<code>( eventid eq peer-version-match ) and ( description contains 'Application Content version mismatch due to device update' ) [Panorama]
+Panorama
-<code>( eventid eq peer-version-match ) and ( description contains 'Application Content version now matches' ) [Panorama]
+<code>( eventid eq peer-version-match ) and ( description contains 'Application Content version mismatch due to device update' )</code>
-<code>( eventid eq peer-version-match ) and ( description contains 'Anti-Virus version mismatch due to device update' ) [Panorama]
+Panorama
-<code>( eventid eq peer-version-match ) and ( description contains 'Anti-Virus version mismatch due to device update' ) [Panorama]
+<code>( eventid eq peer-version-match ) and ( description contains 'Application Content version now matches' )</code>
+Panorama
+<code>( eventid eq peer-version-match ) and ( description contains 'Anti-Virus version mismatch due to device update' )</code>
+Panorama
+<code>( eventid eq peer-version-match ) and ( description contains 'Anti-Virus version mismatch due to device update' )</code>
 <code>( eventid eq config-not-synch ) and ( description contains 'HA Group 1: Commit on local device succeeded; configuration-synchronization disabled, running configuration not synchronized to peer' )</code>
 <code>( eventid eq preempt ) and ( description contains 'HA Group 1: Going to Active-Secondary state due to preemption' )</code>