URL log does not include port number when accessed URLs are not port 80 or 443

URL log does not include port number when accessed URLs are not port 80 or 443

15500
Created On 09/25/18 19:45 PM - Last Modified 06/13/23 02:44 AM


Resolution


Problem

URLs in "URL" field of URL filtering logs does not include port number when accessed URLs are not port 80 or 443.

 

image0001-before7.0.png

 

The corresponding logs sent to syslog server:

Jul 18 13:30:04 Lab130-35-PA-3060 1,2017/07/18 13:30:03,010401000897,THREAT,url,1,2017/07/18 13:30:03,192.168.35.110,10.128.128.207,10.128.128.35,10.128.128.207,Trust-to-Untrust,,,web-browsing,vsys1,L3-Trust,L3-Untrust,ethernet1/6,ethernet1/3,test,2017/07/18 13:30:03,20381,1,16871,8888,21504,8888,0x408000,tcp,alert,10.128.128.207/,(9999),test8888,informational,client-to-server,3628,0x0,192.168.0.0-192.168.255.255,10.0.0.0-10.255.255.255,0,text/html,0,,,1,,,,,,,,0
Jul 18 13:30:06 Lab130-35-PA-3060 1,2017/07/18 13:30:05,010401000897,THREAT,url,1,2017/07/18 13:30:05,192.168.35.110,10.128.128.207,10.128.128.35,10.128.128.207,Trust-to-Untrust,,,web-browsing,vsys1,L3-Trust,L3-Untrust,ethernet1/6,ethernet1/3,test,2017/07/18 13:30:05,20388,1,16872,80,44827,80,0x408000,tcp,alert,10.128.128.207/,(9999),test8888,informational,client-to-server,3629,0x0,192.168.0.0-192.168.255.255,10.0.0.0-10.255.255.255,0,text/html,0,,,1,,,,,,,,0

 

 

Resolution

After PAN-OS 7.0, this field's output has been changed. The port number is shown in the URL field when accessed URLs are not port 80 or 443.

 

image0002-after7.0.png

 

The corresponding logs sent to syslog server also include port number in the field:

Jul 18 13:50:37 Lab130-35-PA-3060 1,2017/07/18 13:50:36,010401000897,THREAT,url,1,2017/07/18 13:50:36,192.168.35.110,10.128.128.207,10.128.128.35,10.128.128.207,Trust-to-Untrust,,,web-browsing,vsys1,L3-Trust,L3-Untrust,ethernet1/6,ethernet1/3,test,2017/07/18 13:50:36,11,1,16968,80,46822,80,0x408000,tcp,alert,10.128.128.207/,(9999),test8888,informational,client-to-server,3631,0x0,192.168.0.0-192.168.255.255,10.0.0.0-10.255.255.255,0,text/html,0,,,1,,,,,,,,0,0,0,0,0,,Lab130-35-PA-3060,
Jul 18 13:50:39 Lab130-35-PA-3060 1,2017/07/18 13:50:38,010401000897,THREAT,url,1,2017/07/18 13:50:38,192.168.35.110,10.128.128.207,10.128.128.35,10.128.128.207,Trust-to-Untrust,,,web-browsing,vsys1,L3-Trust,L3-Untrust,ethernet1/6,ethernet1/3,test,2017/07/18 13:50:38,21,1,16969,8888,55926,8888,0x508000,tcp,alert,10.128.128.207:8888/,(9999),test8888,informational,client-to-server,3632,0x0,192.168.0.0-192.168.255.255,10.0.0.0-10.255.255.255,0,text/html,0,,,1,,,,,,,,0,0,0,0,0,,Lab130-35-PA-3060,

 

 

Note:

Filtering sites setting does not need a port number (Objects > Custom Objects > URL Category)
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClceCAC&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language