12-19-2024 03:30 AM
Equipment: PA1410 (PAN-OS 11.1.4-h1)
Issue: Some threat logs are not seen in output.
Details:
・The vulnerability protection alert test was performed 4 times on PA1410 with reference to the following page.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClpPCAS
-1st time (2024/12/14 15:29:58): A threat log was seen as output from Monitor > Threat in the Web UI.
-Second time ( 2024/12/14 17:34): The threat log was not seen as output in Monitor > Threat in the Web UI.
-Third time (2024/12/16 8:41:52): A threat log was seen as output in Monitor > Threat in the Web UI.
-Fourth time (2024/12/16 10:29): The threat log was not seen as output in Monitor > Threat in the Web UI.
・The CLI command show log threat also did not print the second and fourth logs.
・I checked the results of show counter global one hour after the second communication and two hours after the fourth communication, but log_threat_loss_cnt did not count up in either case.
Does anyone know the cause of this issue?
12-23-2024 08:29 AM
Kind of sounds like the firewall just simply didn't see the threat. Where you doing it on a decrypted page? Did the traffic hit a rule that was set to log threats properly?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
