custom report - "unknown" category

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

custom report - "unknown" category

L4 Transporter

Hello

 

I observed that in my reports in pdf I have a lot of "unknown" in CATEGORY column.

2017-08-15_201653.png

My report looks like:

2017-08-15_203202.png

 

How is possible that google-base or linkedin-base have category=unknown ?

 

Regards

Slawek

1 accepted solution

Accepted Solutions

I found solution !!! link

show running top-urls category unknown

now shows some url but not very common like before.

 

Thx all for help

 

Regards

Slawek

 

View solution in original post

9 REPLIES 9

L7 Applicator

Hi @_slv_

 

What were the actual URLs behind these entries in your report?

The app that PaloAlto sees does not have to be related to the URL where your users connect to. So depending on the actual signature it might be possible that you see these apps on totally different websites.

The other possibility of this behaviour is that there were problems of your firewall in the url cache.

You should also check on the CLI the URL DB status of these websites.

L4 Transporter

Hello @Remo

 

some CLI output

 

admin@PA-500> debug device-server bc-url-db db-info

brightcloud db:

type    : brightcloud_md5_db
desc    : version_2.2.0
version : 20170815
dataline: 0020000000

umd5 base db:

version: 5.284
db date: 20170815

No bloom filter found for base db


admin@PA-500> debug device-server bc-url-db show-stats

BC URL DB access counters:
  Total requests: 9222 (65% unknown)
  DB file lookup hit: 3219, miss 17444, total 20663
  cache enabled: no


admin@PA-500> debug device-server bc-url-db bloom-verify-basedb

bloom isn't built
Test bloom failed


admin@PA-500> debug device-server bc-url-db bloom-stats

No bloom filter found for base db

I'm new to url reports ... should do I enable cache ? (I think - yes) but what about "bloom" - what is that?

 

>What were the actual URLs behind these entries in your report?

 

I need some time to verify that

 

 

Regards

Slawek

Hello

 

Some new info (from Monitori>URL filtering)

2017-08-17_204858.png

 

Any idea why there is "unknown" ?

 

Regards

SLawek

@_slv_,

I would do as @Remo suggested and clear my URL-cache and let it rebuild prior to troubleshooting this any further. You can check what category any URL should be categorized as if your cache is working correctly by going HERE . The outlook.office365.com should get categorized as Computer and Internet Info if everything is working correctly. 

 

L4 Transporter

 

I did :

admin@PA-500> clear url-cache all

All entries in URL cache removed!


admin@PA-500> delete url-database all

This command requires the Palo Alto Networks URL filtering database.


admin@PA-500> test url www.paloaltonetworks.com

www.paloaltonetworks.com computer-and-internet-security (Cloud db)


admin@PA-500> test url outlook.office365.com

outlook.office365.com computer-and-internet-info (Cloud db)

We will see if that fix reports or not...

Stil is something wrong in my opinion

 

admin@PA-500> test url www.decathlon.de

www.decathlon.de shopping (Dynamic db)

when

2017-08-18_092028.png

I found solution !!! link

show running top-urls category unknown

now shows some url but not very common like before.

 

Thx all for help

 

Regards

Slawek

 

So you simply had to enable "dynamic URL filtering" in your URL profile?

L4 Transporter

Not only, also I added

# set deviceconfig setting url dynamic-url yes

to my configuration

 

Regards

Slawek

  • 1 accepted solution
  • 4593 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!