- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
06-28-2018 07:49 AM
Hello Community,
the logs on my Minemeld shows the below error for all that IPs that catch, could you please advice how to get ride of this problem?
Thanks in advance
06-29-2018 05:12 AM
Hi @hamza-zidane,
that's not a problem per-se, but it means that the inbound filters in the node inboundfeedhc are dropping some indicators.
Could you share your config? Or the config of inboundfeedhc node?
Thanks,
luigi
07-02-2018 01:57 PM
Hi @hamza-zidane,
the DROP_UPDATE is generated because the node *inboundfeedlc* receives an UPDATE for an indicator with confidence level 100, that is confidence level high. *inboundfeedlc* instead is based on a prototype (stdlib.feedLCGreen) that selects only indicators with confidence < 50. *inboundfeedhc* instead is baed on feedHCGreen that selects only indicators with confidence level high and accepts the indicators ACCEPT_UPDATE
You should check ms.log file for additional details about the PAN-OS error in pulling the EDL.
07-02-2018 02:35 PM
Hello Imori,
Thanks for your quick feedback,
I have checked the logs on FW, and made a quick check on internet for what it might be the root cause for this error,
but unfortuntally i could't find something helpful.
I have put the below error message and hope you could take a look and help
2018-07-02 12:13:44.404 +0100 EDL FREE EDL Refresh timer job (0x2c3d0400, 2096)
2018-07-02 12:15:00.508 +0100 Checking to purge appstatdb logtype
2018-07-02 12:18:45.148 +0100 EDL entry(0x1a46000, 0x270ac000, 0x935a000 vsys2/EDL_SPAM, 0, 1 ip) Entry not referenced by a rule
2018-07-02 12:18:45.149 +0100 Error: pan_ebl_set_curl_proxy_info(pan_cfg_ebl.c:5329): failed to get proxy info
2018-07-02 12:18:55.150 +0100 Error: ebl_fetch_url_from_remote_libcurl(pan_cfg_ebl.c:1787): curl_easy_perform failed, Err(28):Timeout was reac
hed
2018-07-02 12:18:55.150 +0100 EDL entry(0x1a46000, 0x2c11d800, 0x935a000 vsys1/SPAM_IPs, 1, 1 ip) calling /bin/sed -e 's/^M$//g' /opt/pancfg/m
gmt/devices/localhost.localdomain/vsys1_SPAM_IPs.ebl.tmpxx 2>/dev/null > /opt/pancfg/mgmt/devices/localhost.localdomain/vsys1_SPAM_IPs.ebl.tmp
2018-07-02 12:18:55.157 +0100 Error: ebl_verify_fetched_copy(pan_cfg_ebl.c:2286): EDL entry(0x1a46000, 0x2c11d800, 0x935a000 vsys1/SPAM_IPs, 1
, 1 ip) No valid entries found. Timeout was reached
2018-07-02 12:18:55.182 +0100 Error: ebl_update_local_file(pan_cfg_ebl.c:2718): EDL entry(0x1a46000, 0x2c11d800, 0x935a000 vsys1/SPAM_IPs, 1,
1 ip) Unable to fetch external dynamic list. Timeout was reached. Using old copy for refresh.
07-02-2018 02:43 PM
Have you configured a proxy for EDL on PAN-OS? Could it be that the proxy is not reachable?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!