Unable to See the Threat Logs for Packet Based Attack
Created On 09/26/18 13:44 PM - Last Modified 06/12/23 20:57 PM
When Zone Protection is enabled for a Zone and there is a packet based attack, threat logs are not being shown even though the logs are being forwarded for Zone Protection. The screenshots below describe this scenario.
The Packet Based Attack protection is configured in the Network > Zone Protection:
For this scenario, a zone was added to create a Zone Protection Profile with Packet Based Attack Protection:
Under Network > Zones the Zone Protection Profile was used, as shown above in the zones.
In this scenario, a Log Forwarding profile was added in Log Setting > Zone, which forwarded all the Zone Protection logs.
It is expected that the logs for the Zone Protection logs to display in the Monitor > Logs > Threat. However, there are no threat logs being displayed:
Prior to PAN-OS 8.1.2
When Packet Based Attack Protection is enabled, packets that match detection criteria will be dropped. This type of traffic is considered noise, and log entries will not be written to the Threat log.
Starting from PAN-OS 8.1.2:
Additional logging can be enabled to make the abovementioned blocked threats visible, as outlined in PAN-OS 8.1.2 introduces new log options
owner: achalla