PAN-OS 8.1.2 Introduces New Log Options


Historically, some malformed or irregular packets that were discarded by a zone protection profile or built-in protection (like LAND attacks) would only increment a global counter to indicate an action was taken. This made troubleshooting such occurrences, or logging for auditing and compliance, a little more tedious.


Starting with PAN-OS 8.1.2, new threat logs were introduced that appear each time such packets are discarded:


  • Fragmented IP packets
  • IP address spoofing
  • ICMP packets larger than 1024 bytes
  • Packets containing ICMP fragments
  • ICMP packets embedded with an error message
  • First packets for a TCP session that are not SYN packets

[Screenshots: ip drop.png, tcp drop.png, icmp drop.png]


Threat logs will also be generated on the following events (which don’t require Packet-Based Attack Protection):

  • Teardrop attack
  • DoS attack using ping of death


To enable the additional logging, run this operational command:

> set system setting additional-threat-log on 
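
To get a feel for which traffic will start producing these logs, the following added example (not PAN-OS code and not from the original post) checks raw IPv4 packets against the header-level conditions in the first list. The function names, the 192.0.2.x sample addresses, measuring ICMP size as IP total length, and treating ICMP types 3, 4, 5, 11 and 12 as "error messages" are assumptions; spoofing, Teardrop and ping of death are not covered because they need routing or reassembly state.

```python
import struct

ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}  # assumption: unreachable, quench, redirect, time exceeded, param problem

def ipv4(proto, payload, flags_frag=0, src=b"\xc0\x00\x02\x01", dst=b"\xc0\x00\x02\x02"):
    """Build a constructed IPv4 packet in memory (checksum left at 0, never sent)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1,
                         flags_frag, 64, proto, 0, src, dst)
    return header + payload

def tcp(flags):
    """Constructed 20-byte TCP header, 40000 -> 443, with the given flag byte."""
    return struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, 0x50, flags, 1024, 0, 0)

def classify(packet, seen_flows):
    """Return the drop categories from the list above that this packet matches."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return []  # not a parseable IPv4 packet
    ihl = (packet[0] & 0x0F) * 4
    total_len, _ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    proto, src, dst = packet[9], packet[12:16], packet[16:20]
    frag_offset = flags_frag & 0x1FFF
    fragmented = bool(flags_frag & 0x2000) or frag_offset != 0  # MF flag or offset
    reasons = ["Fragmented IP packet"] if fragmented else []
    payload = packet[ihl:]
    if proto == 1:  # ICMP
        if fragmented:
            reasons.append("ICMP fragment")
        if total_len > 1024:  # assumption: size measured as IP total length
            reasons.append("ICMP packet larger than 1024 bytes")
        if frag_offset == 0 and payload and payload[0] in ICMP_ERROR_TYPES:
            reasons.append("ICMP embedded with an error message")
    elif proto == 6 and frag_offset == 0 and len(payload) >= 14:  # TCP
        sport, dport = struct.unpack("!HH", payload[:4])
        flow, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        if flow not in seen_flows and reverse not in seen_flows:
            if payload[13] & 0x12 != 0x02:  # first packet must be SYN without ACK
                reasons.append("First TCP packet is not SYN")
            else:
                seen_flows.add(flow)  # session opened normally
    return reasons

if __name__ == "__main__":
    flows = set()
    print(classify(ipv4(6, tcp(0x10)), flows))                     # bare ACK, no session
    print(classify(ipv4(1, bytes([8, 0, 0, 0]) + bytes(1100)), flows))  # large echo request
```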


You can find the release notes here: PAN-OS 8.1 Release Information



Stay frosty

