HTTP version 2: Why are traffic logs for HTTP/2 connection sessions not being generated?

HTTP version 2: Why are traffic logs for HTTP/2 connection sessions not being generated?

13943
Created On 01/19/19 01:55 AM - Last Modified 02/26/19 02:07 AM


Environment
  • Firewall
  • PANOS 9.0


Answer
Two types of sessions are generated for decrypted HTTP/2 traffic - connection sessions and stream sessions.
HTTP/2 connection sessions map to the TCP connections within which are HTTP/2 stream sessions. HTTP/2 stream sessions carry the actual HTTP/2 traffic.

By default, HTTP/2 connection sessions are not logged because they do not carry any application traffic.
However the stream sessions, which carry the interesting traffic, are logged in the traffic logs.

To enable logging for the connection sessions:
  • GUI, navigate to Device > Setup > Content-ID > HTTP/2 Settings
HTTP2 setting
  • CLI, command to enable logging 
set deviceconfig setting http2 connection-logging yes

Once enabled, sessions are logged under Tunnel Inspection logs.
Tunnel Inspection log


Additional Information
Refer to the 9.0 PAN-OS® New Features Guide for more information 
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features.html


Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmdVCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language