Hi,

Even though you have 17000 DNS packets, I assume the source port is sequential or randomized, so it should be possible to match pcap and traffic log? Were you not able to identify which traffic log was made with which pcap?

You can use a filter on the GUI like the following.

    ( port.src eq xxx ) and ( port.dst eq 53 ) and ( app eq dns )

There is a filter function on the CLI as well.

    admin@PA-200> show log traffic
    + action         action
    + app            app
    + csv-output     csv-output
    + direction      direction
    + dport          dport
    + dst            dst
    + dstuser        dstuser
    + end-time       end-time
    + from           from
    + query          query
    + receive_time   receive_time
    + rule           rule
    + sport          sport
    + src            src
    + srcuser        srcuser
    + start-time     start-time
    + to             to
    | Pipe through a command
    <Enter> Finish input

I hope this helps.
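The source-port matching suggested above can be done offline once both sides are exported. The following is an added example, not part of the original post: the packet list, the simplified CSV column names and the 5-second window are all assumptions, and the sample data is constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample: DNS queries from a pcap as (timestamp, source IP, source port).
PCAP_QUERIES = [
    ("2024-01-01 10:00:01", "10.0.0.5", 51515),
    ("2024-01-01 10:00:02", "10.0.0.6", 40404),
    ("2024-01-01 11:30:00", "10.0.0.5", 51515),  # same source port reused later
]

# Constructed sample: simplified traffic log export (column names are assumptions).
TRAFFIC_LOG_CSV = """start_time,src,sport,dport,app,rule
2024-01-01 10:00:01,10.0.0.5,51515,53,dns,allow-dns
2024-01-01 10:00:03,10.0.0.6,40404,53,dns,allow-dns
2024-01-01 11:30:01,10.0.0.5,51515,53,dns,guest-dns
2024-01-01 10:00:01,10.0.0.5,51515,443,ssl,allow-web
"""
FMT = "%Y-%m-%d %H:%M:%S"

def gui_filter(sport):
    # Builds the GUI filter string quoted in the post for one source port.
    return f"( port.src eq {sport} ) and ( port.dst eq 53 ) and ( app eq dns )"

def load_dns_sessions(csv_text):
    # Index DNS log entries by (source IP, source port); other traffic is skipped.
    index = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["dport"] != "53" or row["app"] != "dns":
            continue
        key = (row["src"], int(row["sport"]))
        start = datetime.strptime(row["start_time"], FMT)
        index.setdefault(key, []).append((start, row["rule"]))
    return index

def match(queries, index, window=timedelta(seconds=5)):
    # With many packets a source port repeats, so pick the log entry closest in time.
    results = []
    for ts, src, sport in queries:
        t = datetime.strptime(ts, FMT)
        near = [(abs(start - t), rule) for start, rule in index.get((src, sport), [])
                if abs(start - t) <= window]
        results.append((ts, src, sport, min(near)[1] if near else None))
    return results
```

A query that returns `None` has no log entry for that source IP and port inside the window, which is the case worth checking by hand with the GUI filter.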