GMS - How to stop IPv6 syslog processing errors

Description

Sometimes summarizer logs are filled with IPv6 parsing errors. This could jam GMS summarizer and summarizer loses the ability to process syslog files. Syslog files are accumulated because of this.

Example error in stdSummarizer logs:

[Tue Jul 30 17:02:56 EDT 2024] Jul 30, 2024 17:02:56: [LocalMessageDAO/add()]: ERROR: Parse Error-Invalid ipv6 address [ =00:fe80::32d6:1657:1ec4:f04e] msg=<134>  id=firewall sn=2CB8EDA2DDA7 time="2024-07-30 21:02:14 UTC" fw=23.119.179.213 pri=6 c=512 m=1573 msg="IPv6 packet dropped due to IPv6 traffic processing is disabled on this firewall" n=2025791 srcV6= =00:fe80::32d6:1657:1ec4:f04e src=::X0-V10 dstV6=ff02::fb srcMac=e4:54:e8:74:2f:e5 dstMac=33:33:00:00:00:fb fw_action="NA"

This can be resolved by adding the event ID to GMS Syslog Exclusion Filter.

Take above log as an example. The event ID is ‘m=1573’. Seach for it in firewall:

Image

Then in GMS, go to Console/Reports/Syslog Filter, add the corresponding filter:

Image

Restart Report Summarizer service. Checking summarizer logs, above error should not happen anymore. Similar error on other event IDs can be cleared the same way.

Related Articles

  • Analytics On-Prem vs NSM Feature Matrix
    Read More
  • Analytics On-Prem End of Life and NSM Transition FAQ
    Read More
  • NSM On-Prem: Backups over SCP to Windows OpenSSH Server
    Read More

Categories

Management and Reporting
GMS
not finding your answers?
Ask the Community