Problem
URLs in "URL" field of URL filtering logs does not include port number when accessed URLs are not port 80 or 443.
The corresponding logs sent to syslog server:
Jul 18 13:30:04 Lab130-35-PA-3060 1,2017/07/18 13:30:03,010401000897,THREAT,url,1,2017/07/18 13:30:03,192.168.35.110,10.128.128.207,10.128.128.35,10.128.128.207,Trust-to-Untrust,,,web-browsing,vsys1,L3-Trust,L3-Untrust,ethernet1/6,ethernet1/3,test,2017/07/18 13:30:03,20381,1,16871,8888,21504,8888,0x408000,tcp,alert,10.128.128.207/,(9999),test8888,informational,client-to-server,3628,0x0,192.168.0.0-192.168.255.255,10.0.0.0-10.255.255.255,0,text/html,0,,,1,,,,,,,,0
Jul 18 13:30:06 Lab130-35-PA-3060 1,2017/07/18 13:30:05,010401000897,THREAT,url,1,2017/07/18 13:30:05,192.168.35.110,10.128.128.207,10.128.128.35,10.128.128.207,Trust-to-Untrust,,,web-browsing,vsys1,L3-Trust,L3-Untrust,ethernet1/6,ethernet1/3,test,2017/07/18 13:30:05,20388,1,16872,80,44827,80,0x408000,tcp,alert,10.128.128.207/,(9999),test8888,informational,client-to-server,3629,0x0,192.168.0.0-192.168.255.255,10.0.0.0-10.255.255.255,0,text/html,0,,,1,,,,,,,,0
Resolution
After PAN-OS 7.0, this field's output has been changed. The port number is shown in the URL field when accessed URLs are not port 80 or 443.
The corresponding logs sent to syslog server also include port number in the field:
Jul 18 13:50:37 Lab130-35-PA-3060 1,2017/07/18 13:50:36,010401000897,THREAT,url,1,2017/07/18 13:50:36,192.168.35.110,10.128.128.207,10.128.128.35,10.128.128.207,Trust-to-Untrust,,,web-browsing,vsys1,L3-Trust,L3-Untrust,ethernet1/6,ethernet1/3,test,2017/07/18 13:50:36,11,1,16968,80,46822,80,0x408000,tcp,alert,10.128.128.207/,(9999),test8888,informational,client-to-server,3631,0x0,192.168.0.0-192.168.255.255,10.0.0.0-10.255.255.255,0,text/html,0,,,1,,,,,,,,0,0,0,0,0,,Lab130-35-PA-3060,
Jul 18 13:50:39 Lab130-35-PA-3060 1,2017/07/18 13:50:38,010401000897,THREAT,url,1,2017/07/18 13:50:38,192.168.35.110,10.128.128.207,10.128.128.35,10.128.128.207,Trust-to-Untrust,,,web-browsing,vsys1,L3-Trust,L3-Untrust,ethernet1/6,ethernet1/3,test,2017/07/18 13:50:38,21,1,16969,8888,55926,8888,0x508000,tcp,alert,10.128.128.207:8888/,(9999),test8888,informational,client-to-server,3632,0x0,192.168.0.0-192.168.255.255,10.0.0.0-10.255.255.255,0,text/html,0,,,1,,,,,,,,0,0,0,0,0,,Lab130-35-PA-3060,
Note:
Filtering sites setting does not need a port number (Objects > Custom Objects > URL Category)