WildFire Syslogs
Critical
The event below was logged when Palo Alto Networks let their WildFire certificate expire in early 2020.
( subtype eq wildfire ) and ( severity eq critical )
( eventid eq wildfire-auth-failed ) and ( description contains 'Validation of Local client certificate failed resulting in error 58, Problem with the local SSL certificate' )
Medium
( subtype eq wildfire ) and ( severity eq medium )
( eventid eq wildfire-conn-success ) and ( description contains 'Successfully registered to Public Cloud wildfire.paloaltonetworks.com' )
( eventid eq wildfire-conn-failed ) and ( description contains 'Failed to resolve host panos.wildfire.paloaltonetworks.com' )
Informational
( subtype eq wildfire ) and ( severity eq informational )
( eventid eq wildfire-auth-failed ) and ( description contains 'Failed to connect to proxy (no proxy) or host panos.wildfire.paloaltonetworks.com' )
( eventid eq wildfire-conn-failed ) and ( description contains 'Failed to perform task resulting in connection timeout with WildFire Cloud panos.wildfire.paloaltonetworks.com' )
