- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
05-28-2013 11:56 AM
Hi,
isn't the "Related Logs" field in the details of a traffic log entry supposed to list logs from other logging categories like URL-Filtering or Data-Filtering as well? I only seem to get other traffic logs in the related log field.
Example:
* outgoing web-browsing is allowed, logging is turned on
* URL-filtering is in place, logging is turned on (action: alert)
* User browses to www.wired.com, category "News" (I just made that up).
Result:
* I see the request in the URL-Filtering logs
* I see the request in traffic logs
BUT:
* I open the corresponding traffic log entry to see the details and look at the "related logs" field. Nothing from the URL-Filter shows up here. Even though it was logged.
It does work the other way around (looking at URL-Filter log entry details, related logs shows corresponding traffic log entries).
Is this a but? PanOS 5.02.
05-28-2013 12:26 PM
Does it not show up as a 'threat' log?
Here's the URL log for session id 55307
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Here's the traffic log for the same session ID
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
05-28-2013 01:07 PM
Thanks. That's strange. If I do a search on a specific session ID like you did, the related logs show up. If I randomly pick any other web-browsing traffic log, the related logs do not show.
05-28-2013 01:20 PM
Searched traffic logs and found one where there was no correlating "URL" threat log. So I scoured the url logs and filtered by dst ip and src port equivalent to what was detected via the traffic log and sure enough, no URL log found .
05-28-2013 01:22 PM
Not in my case. I definitely have corresponding URL logs that do not show up in related logs. 100%
05-28-2013 01:24 PM
Perhaps a call into Support would be more feasible so we can dissect this further?
05-28-2013 01:55 PM
will do. thanks for your help!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!