Logs are not being saved on the security gateway or written to the log server without an apparent trigger - fwd is up on both gateway and log server.
in fwd.elg:
calling srv_disconnected_cb for 'LS_Hostname', conn = (nil), conn->closed = 1, conn->state != LSTATE_CONNECTED = 1
[FWD PID]@Host[DATE TIME] srv_disconnected: change 'LS_IP' status to Status ERROR description: Log-Server Disconnected
[FWD PID]@Host[DATE TIME] log_connected: change 'LS_IP' status to Status OK description: Log-Server Connected
in cplog_debug.elg (From R80.20):
[FWD PID]@Host[DATE TIME] srv_disconnected: Reducing s_nActiveRemoteServerCount by one: connect_fail now: 0
[FWD PID]@Host[DATE TIME] set_new_server_status: setting new status: NOT_ACTIVE for IP: LS_IP
[FWD PID]@Host[DATE TIME] set_new_server_status: setting new status: CONNECTED for IP: LS_IP
[FWD PID]@Host[DATE TIME] log_connected: log Server 'LS_IP': CONNECTED (Connect to log server succeeded)
Running "cpstat fw -f log_connection" on the security gateway shows the log server as connected but logs are not being sent.
Multiple logs appear on the SmartConsole with the following message:
xxx log entries were not sent to log server x.x.x.x because of high load, but were instead sent to backup.
Cause
The issue may occur due to network latency between the Security Gateway and the defined Log Server or frequent disconnections.
