1.1.2 Ensure 'Enable Log on High DP Load' is enabled

Information

Enable the option 'Enable Log on High DP Load' feature. When this option is selected, a system log entry is created when the device's packet processing load reaches 100% utilization.
Rationale:
When the device's packet processing load reaches 100%, a degradation in the availability of services accessed through the device can occur. Logging this event can help with troubleshooting system performance.

Solution

Navigate to Device > Setup > Management > Logging and Reporting Settings.
Set the Enable Log on High DP Load box to checked.
or
To remediate this setting using the CLI, execute the following command:
username@hostname#set deviceconfig setting management enable-log-high-dp-load yes
Default Value:
Not enabled

See Also

https://workbench.cisecurity.org/files/1780

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c.

Plugin: Palo_Alto

Control ID: fd5a29f0b7badefbf00b965048963ff8412496a6b4fc78322986115f8dffb41a