Palo Alto Networks Knowledgebase: Large Amounts of Unknown URL Categories in Logs with BrightCloud

Large Amounts of Unknown URL Categories in Logs with BrightCloud

Created On 02/07/19 23:48 PM - Last Updated 02/07/19 23:48 PM
URL Filtering


  • BrightCloud is used for URL resolution and large amounts of Unknown are seen inside of the URL logs, which is causing issues with traffic.
  • Test URL CLI commands response with not-resolved, For example:
    > test url <url> 
    <url> not-resolved (Cloud db)


There can be a number of reasons why this is happening.


Check the BrightCloud stats with the following CLI command:

> debug device-server bc-url-db show-stats

BC URL DB access counters:

Total requests: 322 (77% unknown)

DB file lookup hit: 72, miss 711, total 783

cache enabled: no


The example output above shows a large amount of unknown in the BrightCloud DB.



There are URL filtering and cache settings that can greatly affect and improve the URL filtering performance.

  1. The following commands enable cache and bloom filter.
    > debug device-server bc-url-db cache-enable yes
    > set system setting url-filtering-feature filter True
    > set system setting url-filtering-feature cache True

  2. At this point, it is important to restart the device server process. Restarting this process during non-peak hours is advisable. During the restart, the existing User-ID mapping will be temporarily cleared.
    > debug software restart device-server

  3. Once the service is restarted (wait approximately 3 minutes) verify that the options are enabled with the following command:
    > show system setting url-filtering-feature
    cfg.url-feature.basedb-cache: True
    cfg.url-feature.bloom-filter: True


Once the steps above are performed, performance should improve and the Unknown URL categories that appear should be reduced.


owner: jdelio

  • Print
  • Copy Link

Choose Language