06-25-2014 08:55 AM
Hey All -
I have several URL-Filtering logs that come through with a category of FORWARD. Everything else is blank (URL, From Zone, To Zone, etc.). Can anyone shed some light on what this means?
Thanks!
Matt
06-25-2014 12:22 PM
We are using PAN-DB. And I stand corrected. Source and Destination addresses are present. I've attached a screenshot.
06-25-2014 01:00 PM
That image looks pretty broken - it seems to have the application in the "From Zone" column and the Source Country in the Application column! I wouldn't trust that output very much...
06-25-2014 01:05 PM
Maybe he named the zone on the firewall web-browsing? That would be kinda weird though
06-25-2014 01:06 PM
Are your logs from a device or from Panorama? Also, what version of PAN-OS are you running?
--Doris
06-25-2014 01:06 PM
Well of course I don't trust the output, lol.. that's the purpose of the question. Regardless of how accurate the output is, it is showing up in our logs and I'd love to find out what it is.
06-25-2014 01:07 PM
Doris - Those logs are from a device, which forwards all logs to an M-100 Log Collector. That being said, the screenshot was taken from Panorama.
06-25-2014 01:09 PM
Your firewalls are effectively providing you corrupted data. Personally, I'd resolve that first and then go from there...
If you look on the CLI, do you get the same output?
06-25-2014 01:10 PM
Do you know if the logs are displayed correctly on the device? Also, what version of PAN-OS is running on Panorama? I know that there was a similar bug that was fixed, so I'm curious as to whether or not this is the same issue or another variant of it.
--Doris
06-25-2014 01:11 PM
I thought that at first, but then you see the Application column and you know it's just fundamentally broken.
06-25-2014 01:54 PM
Oh yea wow, gotcha.
What the heck PANOS is this? I'm avoiding the 6.0 train for about a year on my side
06-26-2014 06:11 AM
dyang, ajbool, ericgearhart -
The device (Firewall) is running 5.0.11. The Log Collector it sends logs to is 5.1.3, and Panorama is 5.1.6.
Also, yes the logs appear correctly on the device. I took the query I ran in Panorama to get those results, and ran it on the device, and had correct results on the device.
06-26-2014 11:34 AM
We had a bug where headers and the rest of the table did not match in certain scenarios, but that was only for CSV exports (this bug was also fixed in PAN-OS 6.0.1). Can you open a case with Support so we can take a look and investigate further?
Thanks,
Doris
06-26-2014 11:43 AM
Thanks, I will open a ticket with Support.