Botnet report fails to generate on some devices

by bvandivier on ‎03-31-2017 10:55 AM - edited on ‎03-31-2017 01:41 PM by (2,708 Views)


Why is my botnet report not working?  


In some instances, a botnet report may fail to generate on a device. This can be verified by the following factors.


  • Botnet reports are not available for selection in bold on the report calendar located within Monitor > Botnet > Date
  • In mp-log > botnet.log content is not loaded
  • In mp-log > botnet.log the progress_file is empty
  • In mp-log > botnet.log the following error is returned: 
    failed: cannot open file /opt/pancfg/mgmt/av/botnet.db


Several factors can prevent successful generation of the botnet report.


  1. Botnet reports have not been configured.
  2. No URL Filtering logs are present with a category of "malware".  These are necessary for botnet report correlation.
  3. There is no active AV content installed on the device.**
  4. The device does not have an active Threat Prevention (AV) license.**

** In scenarios 3 & 4 the following error will be present in mp-log > botnet.log:

failed: cannot open file /opt/pancfg/mgmt/av/botnet.db


The botnet.db (database) file is downloaded as part of Antivirus (AV) dynamic updates.  Without a valid Threat license or AV content on the device it is not possible to download the botnet.db file.  Therefore, one will not be able to successfully run or generate the botnet report.

Ignite 2018, Amsterdam, Netherlands
Ask Questions Get Answers Join the Live Community