Parserror on Event logs.

Description

When accessing Event logs, instead of loading the data, you see a Parserror.


This KB applies when there are no issues on the Control Plane or Data Plane, that is, CPU and memory usage are normal.

In case there's high usage of those, please refer to:


Cause

This usually means the firewall is not able to process the collected data. But if there are no issues with core/CPU utilization, what can be the cause?


The primary suspect is a non-alphanumeric character showing up in the event logs.

Resolution

  • Export the event logs in CSV format and confirm that the event logs are still being collected correctly.
  • After confirming that the logs are being collected, change the display to the last 60s, clear the logs, and confirm that the first couple of logs show up after clearing.
  • Refresh until the error occurs. When it occurs, check for any non-alphanumeric characters; they usually show up as blank blocks like "" or similar.
  • Once you find them, you have your cause. If the character is in an object controlled on the firewall, edit the character out of the object name.
  • Other cases may be external, as in "Src. Name" and "Src. Destination". In that case, change "Log Settings > Name resolution" to "None" so the firewall stops trying to fetch names beyond the IP of machines that are potentially out of our control.
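
To locate the offending entries in the exported CSV rather than by eye, the following added example (not SonicWall code) lists every field that contains a suspect character. It assumes the export is UTF-8 and treats anything outside printable ASCII as suspect; the sample rows and column names are constructed.

```python
import csv
import io
import sys
import unicodedata

# Constructed sample export; the header and rows are assumptions, not the
# firewall's real CSV layout. Line 4 holds a control byte and U+FFFD.
SAMPLE_CSV = (
    "Time,ID,Category,Message,Src. Name\r\n"
    "10:01:02,1001,Network,Connection opened,host-a\r\n"
    "10:01:03,1002,Firewall,Filename logged: report.pdf,host-b\r\n"
    "10:01:04,1002,Firewall,Filename logged: inv\x07oice\ufffd.doc,host-c\r\n"
    "10:01:05,1001,Network,Connection opened,caf\u00e9-pc\r\n"
)

def is_suspect(ch):
    """Assumption: any character outside printable ASCII is suspect."""
    return not (" " <= ch <= "~")

def find_suspect_fields(csv_text):
    """Return (line_number, column, [code point labels]) per affected field."""
    # Older csv modules reject NUL; map it to U+FFFD so it is still flagged.
    rows = csv.reader(io.StringIO(csv_text.replace("\x00", "\ufffd"), newline=""))
    header = next(rows, [])
    hits = []
    for fields in rows:
        for idx, value in enumerate(fields):
            bad = [c for c in value if is_suspect(c)]
            if not bad:
                continue
            column = header[idx] if idx < len(header) else "col%d" % idx
            labels = ["U+%04X %s" % (ord(c), unicodedata.name(c, "<control>"))
                      for c in bad]
            hits.append((rows.line_num, column, labels))
    return hits

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # errors="replace" turns undecodable bytes into U+FFFD, which is flagged.
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace",
                  newline="") as fh:
            text = fh.read()
    else:
        text = SAMPLE_CSV
    for line_no, column, labels in find_suspect_fields(text):
        print("line %d, column %r: %s" % (line_no, column, ", ".join(labels)))
```

The reported column shows whether the character sits in a firewall-controlled object name or in a resolved name such as "Src. Name", which decides which of the two fixes above applies.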

If there are no non-alphanumeric characters in the logs, follow the steps below:

  • Disable log id=1574 under Manage | Log Settings | Base Setup | Firewall | Application Control | Filename Logging, and id=1460 under Log Settings | Base Setup | Security Services | GAV | Capture ATP File Transfer Result.
  • Clear all the logs on the Log | Monitor page.
  • Reboot the device and test.

