Understanding DoS Logs and Counters

Understanding DoS Logs and Counters

45649
Created On 09/25/18 18:09 PM - Last Modified 09/13/22 18:49 PM


Resolution

Palo Alto Networks firewalls provide Zone Protection and DoS Protection profiles to help mitigate against flood attacks,reconnaissance activity, and packet based attacks. As denial of service attacks can originate from many sources at extremely high rates, the firewall will log these types of attacks differently from other logging events to ensure that the firewall’s resources are not depleted by the attack.

 

This tech note in the pdf attached below identifies and describes the key log events and counters of interest related to these log types.

CLI commands used in the tech note:

show counter global filter delta yes aspect dos
show running dos-policy
show zone-protection zone <zonename>
show dos-protection zone <zonename> blocked source
show dos-protection rule <rulename> settings
show dos-protection rule 
show session packet-bufferprotection
show session packet-bufferprotection zones
show dos-block-table all
show dos-block-table summary

Logs:
 

show log threat direction equal backward

owner:pkwan



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClOKCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language