Saucepan

User Tools

Site Tools

Trace: internal_tld sizing ipv4 firewall_rules vmware_custom_certificate cisco_custom_certificate bind_configure_guide best_practice dig ha
paloaltonetworks:logs:syslog:ha

Table of Contents

HA System Logs

Critical

( subtype eq ha ) and ( severity eq critical )

Panorama 

( eventid eq connect-change ) and ( description contains 'HA1 connection down' )

Firewall 

( eventid eq dataplane-down ) and ( description contains 'HA Group 1: Dataplane is down: too many dataplane processes exited' )
( eventid eq dataplane-down ) and ( description contains 'HA Group 1: Dataplane is down: dataplane exit failure' )
( eventid eq connect-change ) and ( description contains 'HA Group 1: HA1 connection down' )
( eventid eq connect-change ) and ( description contains 'HA Group 1: Control link running on HA1-Backup connection' )
( eventid eq connect-change ) and ( description contains 'HA Group 1: All HA1 connections down' )
( eventid eq state-change ) and ( description contains 'HA Group 1: Moved from state Active-Primary to state Tentative' )
( eventid eq state-change ) and ( description contains 'HA Group 1: Moved from state Active-Primary to state Non-Functional' )
( eventid eq state-change ) and ( description contains 'HA Group 1: Moved from state Active-Secondary to state Non-Functional' )

Panorama Secondary 

( eventid eq state-override ) and ( description contains 'HA peer determined to be Active through managed devices; staying in Passive state' )

Panorama Secondary 

( eventid eq state-override ) and ( description contains 'HA peer determined to be Active through managed devices; going to Passive state' )

Firewall Active Secondary 

( eventid eq split-brain ) and ( description contains 'HA Group 1: Going to Active-Secondary state due to split-brain recovery (split-brain duration: 448s)' )

Panorama Secondary 

( eventid eq split-brain ) and ( description contains 'Going to Passive state due to split-brain recovery (split-brain duration: 4s)' )

Panorama Primary 

( eventid eq peer-split-brain ) and ( description contains 'Staying in Active state after split-brain recovery (split-brain duration: 5979s)' )

Firewall Primary 

( eventid eq peer-split-brain ) and ( description contains 'HA Group 1: Staying in Active-Primary state after split-brain recovery (split-brain duration: 6s)' )
( eventid eq peer-sync-failure ) and ( description contains 'HA Group 1: Can\'t synchronize control plane data; some state may be lost on switchover' )

Firewall Secondary 

( eventid eq peer-compat-mismatch ) and ( description contains 'HA Group 1: Peer device session load sharing configuration not matching' )
( eventid eq ha2-keep-alive ) and ( description contains 'HA Group 1: Local HA2 keep-alive down' )
( eventid eq ha2-keep-alive ) and ( description contains 'HA Group 1: All HA2 keep-alives are down; ignoring failure in HA2-keep-alive monitor hold' )
( eventid eq ha2-keep-alive ) and ( description contains 'HA Group 1: All HA2 keep-alives are down; turning off state-synchronization' )
( eventid eq ha2-keep-alive ) and ( description contains 'HA Group 1: Peer HA2 keep-alive down' )
( eventid eq ha2-keep-alive ) and ( description contains 'HA Group 1: Local HA2 keep-alive down' )
( eventid eq ha2-link-change ) and ( description contains 'All HA2 links down' )
( eventid eq ha2-link-change ) and ( description contains 'HA2 link down' )
( eventid eq ha3-link-change )
( eventid eq path-monitor-down ) and ( description contains 'HA Group 1: Path group \'GRPNAME\' failure; all destination IPs are down' )
( eventid eq config-failure ) and ( description contains 'HA Group 10: Running configuration not synchronized after failure' )

High

( subtype eq ha ) and ( severity eq high )
( eventid eq ha1-link-change ) and ( description contains 'HA1-Backup link down' )
( eventid eq ha1-link-change ) and ( description contains 'HA1-Backup peer link down' )
( eventid eq ha2-link-change ) and ( description contains 'HA2 peer link down' )
( eventid eq ha2-link-change ) and ( description contains 'HA2-Backup peer link down' )
( eventid eq state-change ) and ( description contains 'Moved from state Passive to state Active' )
( eventid eq state-change ) and ( description contains 'HA Group 1: Moved from state Active-Primary to state Active-Secondary' )
( eventid eq state-change ) and ( description contains 'HA Group 1: Moved from state Active-Secondary to state Active-Primary' )
( eventid eq state-change ) and ( description contains 'HA Group 1: Moved from state Non-Functional to state Tentative' )
( eventid eq connect-change ) and ( description contains 'HA Group 1: HA1-Backup connection down' )
( eventid eq session-synch ) and ( description contains 'HA Group 1: Ignoring session synchronization due to HA2-unavailable' )
( eventid eq session-synch ) and ( description contains 'HA Group 1: Ignoring session synchronization due to compatibility mismatch' )
( eventid eq config-not-synch ) and ( description contains 'HA Group 1: Commit on local device with running configuration not synchronized; synchronize manually' )
( eventid eq config-not-synch ) and ( description contains 'Commit on peer device with running configuration not synchronized; synchronize manually' )
( eventid eq path-monitor-down ) and ( description contains 'HA Group 1: Path group \'GRPNAME\' destination IP \'8.8.4.4\' is down' )

Informational

( subtype eq ha ) and ( severity eq informational )
( eventid eq state-change ) and ( description contains 'Moved from state Initial to state Active' )
( eventid eq state-change ) and ( description contains 'Moved from state Initial to state Passive' )
( eventid eq state-change ) and ( description contains 'Moved from state Active to state Suspended' )
( eventid eq state-change ) and ( description contains 'Moved from state Passive to state Suspended' )
( eventid eq state-change ) and ( description contains 'HA Group 1: Moved from state Tentative to state Active-Secondary' )
( eventid eq state-change ) and ( description contains 'HA Group 1: Moved from state Active-Secondary to state Suspended' )
( eventid eq state-change ) and ( description contains 'HA Group 1: Moved from state Initial to state Active-Primary' )
( eventid eq state-change ) and ( description contains 'HA Group 1: Moved from state Non-Functional to state Active-Primary' )
( eventid eq state-change ) and ( description contains 'HA Group 1: Moved from state Active-Primary to state Suspended' )
( eventid eq connect-change ) and ( description contains 'HA Group 1: HA1 connection up' )
( eventid eq connect-change ) and ( description contains 'HA Group 1: HA1-Backup connection up' )
( eventid eq connect-change ) and ( description contains 'HA Group 1: Control link running on HA1 connection' )
( eventid eq peer-compat-match ) and ( description contains 'HA Group 1: Peer device configuration now compatible' )
( eventid eq peer-version-match ) and ( description contains 'HA Group 1: Application Content version now matches' )
( eventid eq peer-version-match ) and ( description contains 'HA Group 1: Threat Content version now matches' )
( eventid eq peer-version-match ) and ( description contains 'HA Group 1: Anti-Virus version now matches' )
( eventid eq peer-version-match ) and ( description contains 'HA Group 1: URL Database version now matches' )
( eventid eq peer-version-match ) and ( description contains 'HA Group 1: URL Vendor version now matches' )
( eventid eq peer-version-match ) and ( description contains 'HA Group 1: Global Protect Client Software version now matches' )
( eventid eq peer-version-match ) and ( description contains 'HA Group 1: URL Database version now matches' )
( eventid eq peer-version-match ) and ( description contains 'HA Group 1: VPN Client Software version now matches' )
( eventid eq peer-version-match ) and ( description contains 'HA Group 1: Application Content version mismatch due to device update' )
( eventid eq peer-version-match ) and ( description contains 'HA Group 1: Threat Content version mismatch due to device update' )
( eventid eq peer-version-match ) and ( description contains 'HA Group 1: Anti-Virus version mismatch due to device update' )
( eventid eq peer-version-match ) and ( description contains 'URL Vendor version now matches' )
( eventid eq peer-version-match ) and ( description contains 'Build Release version now matches' )
( eventid eq peer-version-match ) and ( description contains 'Peer device running a compatibile but different version 8.1.10' )

Panorama 

( eventid eq peer-version-match ) and ( description contains 'Application Content version mismatch due to device update' )

Panorama 

( eventid eq peer-version-match ) and ( description contains 'Application Content version now matches' )

Panorama 

( eventid eq peer-version-match ) and ( description contains 'Anti-Virus version mismatch due to device update' )

Panorama 

( eventid eq peer-version-match ) and ( description contains 'Anti-Virus version mismatch due to device update' )
( eventid eq config-not-synch ) and ( description contains 'HA Group 1: Commit on local device succeeded; configuration-synchronization disabled, running configuration not synchronized to peer' )
( eventid eq preempt ) and ( description contains 'HA Group 1: Going to Active-Secondary state due to preemption' )
( eventid eq preempt ) and ( description contains 'Going to Passive state due to preemption' )
( eventid eq session-synch ) and ( description contains 'HA Group 1: Starting session synchronization with peer' )
( eventid eq session-synch ) and ( description contains 'HA Group 1: Starting session synchronization with peer on slots 1 ' )
( eventid eq session-synch ) and ( description contains 'HA Group 1: Completed session synchronization with peer' )
( eventid eq session-synch ) and ( description contains 'HA Group 1: Session synchronization with peer never completed; HA1-peer-disconnected' )
( eventid eq session-synch ) and ( description contains 'HA Group 1: Session synchronization with peer never completed; HA2-unavailable' )
( eventid eq ha2-keep-alive ) and ( description contains 'HA Group 1: Local HA2 keep-alive up' )
( eventid eq ha2-keep-alive ) and ( description contains 'HA Group 1: Peer HA2 keep-alive up' )
( eventid eq ha1-link-change ) and ( description contains 'HA1 link up' )
( eventid eq ha1-link-change ) and ( description contains 'HA1 peer link up' )
( eventid eq ha1-link-change ) and ( description contains 'HA1-Backup link up' )
( eventid eq ha1-link-change ) and ( description contains 'HA1-Backup peer link up' )
( eventid eq ha2-link-change ) and ( description contains 'HA2 link up' )
( eventid eq ha2-link-change ) and ( description contains 'HA2 peer link up' )
( eventid eq ha2-link-change ) and ( description contains 'HA2-Backup link up' )
( eventid eq ha2-link-change ) and ( description contains 'HA2-Backup peer link up' )
( eventid eq ha3-link-change ) and ( description contains 'HA3 link up' )
( eventid eq ha3-link-change ) and ( description contains 'HA3 peer link up' )
paloaltonetworks/logs/syslog/ha.txt · Last modified: by 127.0.0.1