PAN-OS 8.1.2 Introduces New Log Options

Historically, some malformed or irregular packets that were discarded by a zone protection profile or built in protection (like LAND attacks) would only increment a global counter to indicate an action was taken. This made troubleshooting such occurrences, or logging for auditing and compliancy, a little more tedious.

Starting from PAN-OS 8.1.2 new threat logs were introduced that will appear each time such packets are discarded:

Fragmented IP packets
IP address spoofing
ICMP packets larger than 1024 bytes
Packets containing ICMP fragments
ICMP packets embedded with an error message
First packets for a TCP session that are not SYN packets

ip drop.png tcp drop.png icmp drop.png

Threat logs will also be generated on the following events (which don’t require Packet-Based Attack Protection):

Teardrop attack
DoS attack using ping of death

To enable the additional logging, run this operational command:

> set system setting additional-threat-log on

You can find the release notes here: PAN-OS 8.1 Release Information

Stay frosty

Reaper

12 Comments

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

51939 Views
12 comments
7 Likes

Popular Blogs

User

Likes Count

PAN-OS 8.1.2 Introduces New Log Options

PAN-OS 8.1.2 Introduces New Log Options

How AI is Transforming Cybersecurity: Highlights from Bay Area Ignite

Introducing Web Proxy: Now Live on LIVEcommunity!

New Advanced URL Filtering Category: Remote-Access

How AI is Transforming Cybersecurity: Highlights from Bay Area Ignite

Re: Tips & Tricks: How to Secure the Management Access of Your Palo Alto Networks Device

Introducing Web Proxy: Now Live on LIVEcommunity!

Re: Your Feedback Matters: Take Our Survey for a Chance to Win Prizes!

Re: Tips & Tricks: How to Secure the Management Access of Your Palo Alto Networks Device

Unlock your full community experience!

PAN-OS 8.1.2 Introduces New Log Options