PAN-OS 8.1.2 Introduces New Log Options


Historically, some malformed or irregular packets that were discarded by a zone protection profile or built-in protection (like LAND attacks) would only increment a global counter to indicate that an action was taken. This made troubleshooting such occurrences, or logging them for auditing and compliance, a little more tedious.

 

Starting with PAN-OS 8.1.2, new threat logs were introduced that appear each time one of the following packets is discarded:

 

  • Fragmented IP packets
  • IP address spoofing
  • ICMP packets larger than 1024 bytes
  • Packets containing ICMP fragments
  • ICMP packets embedded with an error message
  • First packets for a TCP session that are not SYN packets
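
To make these categories concrete, the following Python sketch (an added example, not PAN-OS code and not part of the original post) checks the IPv4 and TCP header fields behind four of them. The label strings, helper names and sample addresses are made up, and measuring ICMP size as the IPv4 total length is an assumption.

```python
import socket
import struct
ICMP, TCP = 1, 6

def ipv4(src, dst, proto, payload, mf=False, frag_off=0):
    """Build a minimal IPv4 packet (checksum left at 0) for the samples."""
    flags_frag = (0x2000 if mf else 0) | (frag_off & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                       flags_frag, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def tcp(sport, dport, flags):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)

def classify(packet, seen_flows):
    """Return the labels (hypothetical names) of the categories a packet matches."""
    (ver_ihl, _, total_len, _, flags_frag, _, proto, _, src, dst) = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    # Fragment: More Fragments bit set, or a non-zero fragment offset.
    fragmented = bool(flags_frag & 0x2000) or (flags_frag & 0x1FFF) != 0
    hits = []
    if fragmented:
        hits.append("ip-fragment")
        if proto == ICMP:
            hits.append("icmp-fragment")
    if proto == ICMP and total_len > 1024:  # assumption: size = IPv4 total length
        hits.append("icmp-large")
    if proto == TCP and not fragmented and len(packet) >= ihl + 14:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        flow, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        if flow not in seen_flows and reverse not in seen_flows:
            # A new session must open with a bare SYN (SYN set, ACK clear).
            if (packet[ihl + 13] & 0x12) == 0x02:
                seen_flows.add(flow)
            else:
                hits.append("tcp-non-syn-first")
    return hits

def run_samples():
    seen = set()
    samples = [  # constructed packets; addresses and ports are made up
        ipv4("10.0.0.5", "10.0.0.9", TCP, tcp(40000, 443, 0x02)),  # SYN
        ipv4("10.0.0.5", "10.0.0.9", TCP, tcp(40000, 443, 0x10)),  # ACK, known flow
        ipv4("10.0.0.5", "10.0.0.9", TCP, tcp(40001, 443, 0x10)),  # ACK, no SYN seen
        ipv4("10.0.0.5", "10.0.0.9", ICMP, b"\x08\x00" + bytes(1100)),
        ipv4("10.0.0.5", "10.0.0.9", ICMP, b"\x08\x00" + bytes(30), mf=True),
    ]
    return [classify(p, seen) for p in samples]
```

IP address spoofing is left out because detecting it needs the firewall's routing and zone context, which a single packet does not carry.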

[Images: ip drop.png, tcp drop.png, icmp drop.png]

 

Threat logs will also be generated on the following events (which don’t require Packet-Based Attack Protection):

  • Teardrop attack
  • DoS attack using ping of death

 

To enable the additional logging, run this operational command:

> set system setting additional-threat-log on 

 

You can find the release notes here: PAN-OS 8.1 Release Information

 

 

Stay frosty

Reaper
