https://live.paloaltonetworks.com/t5/general-topics/http-headers-in-threat-log/m-p/67687#M39640 <P>Hi,</P> <P>&nbsp;</P> <P>thanks for your help.</P> <P>&nbsp;</P> <P>I have just checked my URL Profile - after setting every URL Category to "alert" i can now see the full URL in Threat Log.</P> <P>&nbsp;</P> <P>The Header Options in URL Profile were already set.</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 05 Nov 2015 10:15:51 GMT iweltag 2015-11-05T10:15:51Z https://live.paloaltonetworks.com/t5/general-topics/http-headers-in-threat-log/m-p/67560#M39593 <P>Hi,</P> <P>&nbsp;</P> <P>is there any possibility to see the HTTP Headers in Threat Log? For example i want to protect a shared hosting environment and on the threat log ( vulnerability profile, WordPress Login BruteForce Attempt) i can only see "wp-login.php" as the "URL" and not "<A href="http://www.example.com/wp-login.phh&quot;" target="_blank">www.example.com/wp-login.phh"</A> (see screenshot)<IMG src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/1034iFCBB28D54C32A889/image-size/original?v=mpbl-1&amp;px=-1" alt="TP-Log.png" title="TP-Log.png" border="0" /></P> <P>I can already configure advanced HTTP Header Logging for URL Profile but it is also possible for other security profiles?</P> <P>&nbsp;</P> <P>Thanks.</P> Mon, 02 Nov 2015 15:30:41 GMT https://live.paloaltonetworks.com/t5/general-topics/http-headers-in-threat-log/m-p/67560#M39593 iweltag 2015-11-02T15:30:41Z https://live.paloaltonetworks.com/t5/general-topics/http-headers-in-threat-log/m-p/67594#M39603 <P>I think you want to enable the setting as below. Note this will increase the amount of data logged</P> <P>&nbsp;</P> <P><IMG src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/1040i81C6E21EC48FF9B8/image-size/original?v=mpbl-1&amp;px=-1" alt="Untitled.png" title="Untitled.png" border="0" height="270" width="545" /></P> <P>&nbsp;</P> Tue, 03 Nov 2015 09:41:22 GMT https://live.paloaltonetworks.com/t5/general-topics/http-headers-in-threat-log/m-p/67594#M39603 RC-BHF 2015-11-03T09:41:22Z https://live.paloaltonetworks.com/t5/general-topics/http-headers-in-threat-log/m-p/67596#M39604 <P>On your threat log details top right there should be "Session ID".</P> <P>Take this number and go to URL log.</P> <P>Use following filter but replace number with your session id:</P> <P>(sessionid eq 480652)</P> <P>&nbsp;</P> <P>Do you see any log entries?</P> <P>As there is limited number of session id numbers then they are reused so look in same time range when threat happened.</P> <P>&nbsp;</P> <P>I can see url in threat log output with 7.0.3 for example.</P> <P>&nbsp;</P> <P><IMG src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/1041iDC67777D7BC6E476/image-size/original?v=mpbl-1&amp;px=-1" border="0" alt="threat.PNG" title="threat.PNG" /></P> Tue, 03 Nov 2015 11:05:50 GMT https://live.paloaltonetworks.com/t5/general-topics/http-headers-in-threat-log/m-p/67596#M39604 Raido_Rattameister 2015-11-03T11:05:50Z https://live.paloaltonetworks.com/t5/general-topics/http-headers-in-threat-log/m-p/67687#M39640 <P>Hi,</P> <P>&nbsp;</P> <P>thanks for your help.</P> <P>&nbsp;</P> <P>I have just checked my URL Profile - after setting every URL Category to "alert" i can now see the full URL in Threat Log.</P> <P>&nbsp;</P> <P>The Header Options in URL Profile were already set.</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 05 Nov 2015 10:15:51 GMT https://live.paloaltonetworks.com/t5/general-topics/http-headers-in-threat-log/m-p/67687#M39640 iweltag 2015-11-05T10:15:51Z