GMS - How to stop IPv6 syslog processing errors

Description

Sometimes summarizer logs are filled with IPv6 parsing errors. This could jam GMS summarizer and summarizer loses the ability to process syslog files. Syslog files are accumulated because of this.

Example error in stdSummarizer logs:

[Tue Jul 30 17:02:56 EDT 2024] Jul 30, 2024 17:02:56: [LocalMessageDAO/add()]: ERROR: Parse Error-Invalid ipv6 address [ =00:fe80::32d6:1657:1ec4:f04e] msg=<134>  id=firewall sn=2CB8EDA2DDA7 time="2024-07-30 21:02:14 UTC" fw=23.119.179.213 pri=6 c=512 m=1573 msg="IPv6 packet dropped due to IPv6 traffic processing is disabled on this firewall" n=2025791 srcV6= =00:fe80::32d6:1657:1ec4:f04e src=::X0-V10 dstV6=ff02::fb srcMac=e4:54:e8:74:2f:e5 dstMac=33:33:00:00:00:fb fw_action="NA"

This can be resolved by adding the event ID to GMS Syslog Exclusion Filter.

Take above log as an example. The event ID is ‘m=1573’. Seach for it in firewall:

Image

Then in GMS, go to Console/Reports/Syslog Filter, add the corresponding filter:

Image

Restart Report Summarizer service. Checking summarizer logs, above error should not happen anymore. Similar error on other event IDs can be cleared the same way.

Related Articles

  • NSM On-Prem Reporting Server configuration
    Read More
  • How to upgrade NSM On-Prem firmware via console CLI (NSM On-Prem version 3.2.0 and above)
    Read More
  • Gen 7 NSM-Firewall Licensing Changes – Effective May 1, 2025
    Read More

Categories

Management and Reporting
GMS
not finding your answers?
Ask the Community
Chat