Screen OS

Hello,

This is a bit of a weird problem. I've got my SSG set up to forward all its logs to an external syslog server, security facillity  and facility are set to 0, every box is checked under log settings. I'm running firmware version "6.3.0r14.0". I am getting some messages in my syslog server, which is set to watch all facitities and all levels. But message delivery is seemingly random. We're using web filtering and antivirus and I will get some permit or block messages when someone tries to access a web site but other times nothing, I also don't get entries for ping attempts, though I see those on the device itself's logs. Any ideas? What could cause this?

Further interesting thing: Logging is enabled for all policies and if I check each individual policy's log I can see everything but I do not see a lot of those entries in the syslog output.

For the ping attempts to the device, make sure the "log packets terminated to self" option is checked in the reports menu.

For the sporadic delivery, if this is a case where some events are seen and others not, have a look at the transport between the firewall and the syslog server.  Syslog is udp forwards, if the link is too busy or has other connectivity issues, or if the syslog server is too busy some events may be lost.

Look for traffic congestion or cpu issues on the firewall and syslog server.

Thank you for the reply!

The CPU on the firewall and syslog server aren't overly busy, but switching to TCP has fixed my issue. Thank you for the point in the right direction.