User-ID Syslogs (PAN-OS system log filters, subtype userid)
The filters below are grouped by severity. The `description contains` clauses carry environment-specific values captured from example logs (IP addresses, agent names such as TAID_100 or HKGDC01, vsys1, port numbers); replace them with values from your own deployment, and where one event class is enough, match on `eventid` alone rather than on the full description string, which changes with the agent and PAN-OS version.
Critical
( subtype eq userid ) and ( severity eq critical )
( eventid eq registered-ip-max-platform-limit-exceeded ) and ( description contains 'max registered-ip for the platform reached (1000)' )
High
( subtype eq userid ) and ( severity eq high )
( eventid eq connect-agent-failure ) and ( description contains 'TS-Agent TAID_100(vsys1): Error: Failed to Connect to 192.168.1.1(source: 192.168.1.1), SSL error: error:00000000:lib(0):func(0):reason(0)(5) details: none' )
( eventid eq connect-server-monitor-failure ) and ( description contains 'User-ID server monitor L1111(vsys1) Connection refused' )
( eventid eq connect-agent-failure ) and ( description contains 'TS-Agent TAID_111111(vsys1): Error: Failed to connect to 192.168.1.1(192.168.1.1):5009 details: none' )
( eventid eq connect-agent-failure ) and ( description contains 'User-ID Agent uia-name(vsys1): Error: Failed to connect to 192.168.1.1(192.168.1.1):5007 details: none' )
( eventid eq connect-agent-failure ) and ( description contains 'Redistribution Agent fw1(vsys1): details: close connection to agent' )
Medium
( subtype eq userid ) and ( severity eq medium )
( eventid eq get-ldap-data-failure ) and ( object eq 192.168.1.1 ) and ( description contains 'ldap cfg grp-map-profile failed to get info from server 192.168.1.1:389' )
( eventid eq connect-ldap-sever-failure ) and ( object eq 192.168.1.1 ) and ( description contains 'ldap cfg grp-map-profile failed to connect to server 192.168.1.11:389: Error: Failed to connect to 192.168.1.11(192.168.1.11):389' )
Informational
( subtype eq userid ) and ( severity eq informational )
( eventid eq connect-server-monitor ) and ( description contains 'TS-Agent TAID_ddddd(vsys1): Error: Failed to connect to 192.168.1.1(192.168.1.1):5009 details: none' )
( eventid eq connect-server-monitor ) and ( description contains 'User-ID server monitor HKGDC01(vsys1): connected to 192.168.1.1' )
( eventid eq connect-ldap-sever ) and ( object eq 192.168.1.1 ) and ( description contains 'ldap cfg grp-map-profile connected to server 192.168.1.11:389, initiated by: 192.168.1.1' )
( eventid eq connect-agent ) and ( description contains 'User-ID Agent User-ID(vsys1): connected to 192.168.1.1, status , version 5' )
( eventid eq disconnect-agent ) and ( description contains 'User-ID-Agent User-ID disconnected: IP 192.168.1.1, port 5007 vsys1' )
( eventid eq connect-client ) and ( description contains 'User-ID Client is connected to collector (null): Serial-number 005555000055555-log-collection, vsys_id 1' )
( eventid eq disconnect-client ) and ( description contains 'User-ID Client is disconnected from collector firewall: IP 192.168.1.1, port 38180, vsys_id 1' )
( eventid eq disconnect-client ) and ( description contains 'User-ID Client is disconnected from collector (null): IP panorama2, port 0, vsys_id 1' )
