Which system logs and threat logs are generated when packet buf... - Knowledge Base - Palo Alto Networks

Which system logs and threat logs are generated when packet buffer protection is enabled

Created On 10/29/19 15:51 PM - Last Modified 04/27/20 22:13 PM


Question


Which system logs and threat logs are generated when packet buffer protection is enabled?

Environment


  • PAN-OS 8.x
  • PBP


Answer


The firewall records alert events in the System log, and events for dropped traffic, discarded sessions, and blocked IP addresses in the Threat log.
  • System logs:
      Logs: Monitor > System
      Packet buffer congestion
      Severity: informational
  • Threat logs:
      Logs: Monitor > Threat Logs

      Threat ID: 8507
      Threat type: Flood
      Threat name: PBP Packet Drop
      Severity: high
      Description: Packet buffer protection enforcing RED packet drop.

      Threat ID: 8508
      Threat type: Flood
      Threat name: PBP Session Discarded
      Severity: high
      Description: Packet buffer protection enforcing session discard.

      Threat ID: 8509
      Threat type: Flood
      Threat name: PBP IP Blocked
      Severity: high
      Description: Packet buffer protection enforcing source IP block.

Log examples:
- System Logs
Domain, Receive Time, Serial #, Type, Threat/Content Type, Config Version, Generate Time, Virtual System, Event ID, Object, fmt, id, module, Severity, Description
1 10/11/2019 12:01 xxxxxxx SYSTEM general 1 10/11/2019 12:01 general 0 0 general informational Packet buffer congestion is 14272/17203 (82%)(alert threshold is 40%).


- Threat Logs
Domain, Receive Time, Serial #, Type, Threat/Content Type, Config Version, Generate Time, Source address, Destination address, NAT Source IP, NAT Destination IP, Rule, Source User, Destination User, Application, Virtual System, Source Zone, Destination Zone, Inbound Interface, Outbound Interface, Log Action, Time Logged, Session ID, Repeat Count, Source Port, Destination Port, NAT Source Port, NAT Destination Port, Flags, IP Protocol, Action, URL/Filename, Threat/Content Name, Category, Severity
1 10/11/2019 12:02 xxxxxxx THREAT flood 1 10/11/2019 12:02 10.10.10.10 192.168.10.10 not-applicable vsys1 vwire 10/11/2019 12:02 33555666 1 20033 20033 0 0 0x102000 hopopt block PBP Session Discarded(8508) any high
1 10/11/2019 12:02 xxxxxxx THREAT flood 1 10/11/2019 12:02 10.10.10.10 192.168.10.10 not-applicable vsys1 vwire 10/11/2019 12:02 33555666 1 20033 20033 0 0 0x102000 hopopt drop PBP Packet Drop(8507) any high


Also, global counter log(s) will be created:
flow_dos_pbp_drop - Packets dropped: Dropped by packet buffer protect
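
Added example (not part of the original article and not Palo Alto Networks code): a Python script that scans exported log lines for the PBP events listed above and summarizes them per source address, together with the peak buffer congestion reported in the System log. The sample lines are constructed from the article's log examples (the 8509 line is constructed), and treating the first IPv4 address on a Threat line as the source is an assumption based on the column order shown above.

```python
import re
from collections import Counter, defaultdict

# Threat IDs and names as listed in the article.
PBP_THREATS = {8507: "PBP Packet Drop", 8508: "PBP Session Discarded", 8509: "PBP IP Blocked"}
CONGESTION_RE = re.compile(
    r"Packet buffer congestion is (\d+)/(\d+) \((\d+)%\)\(alert threshold is (\d+)%\)")
THREAT_RE = re.compile(r"PBP [A-Za-z ]+\((850[789])\)")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_congestion(line):
    """Return buffer usage from a System log line, or None if it is not a PBP alert."""
    m = CONGESTION_RE.search(line)
    if not m:
        return None
    used, total, pct, threshold = map(int, m.groups())
    return {"used": used, "total": total, "percent": pct, "threshold": threshold}

def parse_threat(line):
    """Return (source_ip, threat_id) for a PBP Threat log line, else None."""
    m = THREAT_RE.search(line)
    if not m:
        return None
    ips = IPV4_RE.findall(line)
    # Assumption: the source address is the first IPv4 address on the line.
    return (ips[0] if ips else None, int(m.group(1)))

def summarize(lines):
    """Count PBP actions per source and track the highest congestion percentage."""
    per_source, peak = defaultdict(Counter), 0
    for line in lines:
        cong, hit = parse_congestion(line), parse_threat(line)
        if cong:
            peak = max(peak, cong["percent"])
        elif hit:
            per_source[hit[0]][PBP_THREATS[hit[1]]] += 1
    return {"peak_percent": peak, "per_source": {k: dict(v) for k, v in per_source.items()}}

# Constructed sample input, modeled on the log examples in the article.
SAMPLE = [
    "1 10/11/2019 12:01 xxxxxxx SYSTEM general 1 10/11/2019 12:01 general 0 0 general informational Packet buffer congestion is 14272/17203 (82%)(alert threshold is 40%).",
    "1 10/11/2019 12:02 xxxxxxx THREAT flood 1 10/11/2019 12:02 10.10.10.10 192.168.10.10 not-applicable vsys1 vwire 10/11/2019 12:02 33555666 1 20033 20033 0 0 0x102000 hopopt block PBP Session Discarded(8508) any high",
    "1 10/11/2019 12:02 xxxxxxx THREAT flood 1 10/11/2019 12:02 10.10.10.10 192.168.10.10 not-applicable vsys1 vwire 10/11/2019 12:02 33555666 1 20033 20033 0 0 0x102000 hopopt drop PBP Packet Drop(8507) any high",
    "1 10/11/2019 12:03 xxxxxxx THREAT flood 1 10/11/2019 12:03 10.10.10.10 192.168.10.10 not-applicable vsys1 vwire 10/11/2019 12:03 0 1 0 0 0 0 0x102000 hopopt block PBP IP Blocked(8509) any high",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A source that progresses from 8507 to 8508 to 8509 in the summary has been escalated by the firewall from packet drop through session discard to source IP block.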

 

