Which system logs and threat logs are generated when packet buffer protection is enabled
Created On 10/29/19 15:51 PM - Last Modified 04/27/20 22:13 PM
Question
Which system logs and threat logs are generated when packet buffer protection is enabled?
Environment
- PAN-OS 8.x
- PBP
Answer
The firewall records alert events in the System log, and records events for dropped traffic, discarded sessions, and blocked IP addresses in the Threat log.
- System logs:
Logs: Monitor > System
Packet buffer congestion
Severity: informational
- Threat logs:
Monitor > Threat Logs

Threat ID: 8507
Threat type: Flood
Threat name: PBP Packet Drop
Severity: high
Description: Packet buffer protection enforcing RED packet drop.

Threat ID: 8508
Threat type: Flood
Threat name: PBP Session Discarded
Severity: high
Description: Packet buffer protection enforcing session discard.

Threat ID: 8509
Threat type: Flood
Threat name: PBP IP Blocked
Severity: high
Description: Packet buffer protection enforcing source IP block.
Log examples:
- System Logs
Domain Receive Time Serial # Type Threat/Content Type Config Version Generate Time Virtual System Event ID Object fmt id module Severity Description

1 10/11/2019 12:01 xxxxxxx SYSTEM general 1 10/11/2019 12:01 general 0 0 general informational Packet buffer congestion is 14272/17203 (82%)(alert threshold is 40%).
- Threat Logs
Domain Receive Time Serial # Type Threat/Content Type Config Version Generate Time Source address Destination address NAT Source IP NAT Destination IP Rule Source User Destination User Application Virtual System Source Zone Destination Zone Inbound Interface Outbound Interface Log Action Time Logged Session ID Repeat Count Source Port Destination Port NAT Source Port NAT Destination Port Flags IP Protocol Action URL/Filename Threat/Content Name Category Severity

1 10/11/2019 12:02 xxxxxxx THREAT flood 1 10/11/2019 12:02 10.10.10.10 192.168.10.10 not-applicable vsys1 vwire 10/11/2019 12:02 33555666 1 20033 20033 0 0 0x102000 hopopt block PBP Session Discarded(8508) any high

1 10/11/2019 12:02 xxxxxxx THREAT flood 1 10/11/2019 12:02 10.10.10.10 192.168.10.10 not-applicable vsys1 vwire 10/11/2019 12:02 33555666 1 20033 20033 0 0 0x102000 hopopt drop PBP Packet Drop(8507) any high
Also, global counter log(s) will be created:
flow_dos_pbp_drop - Packets dropped: Dropped by packet buffer protect
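For triage, the log fields above can be reduced to a per-source summary. The following is an added example, not Palo Alto Networks code: it parses the System log congestion description and groups Threat log entries for threat IDs 8507 to 8509 by source address. The function names, the (source, threat name) input shape, and the treatment of the three IDs as an escalation order are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Threat IDs and names as listed on this page. Treating a higher ID as a
# later enforcement stage is an assumption of this example.
PBP_STAGES = {8507: "PBP Packet Drop", 8508: "PBP Session Discarded", 8509: "PBP IP Blocked"}

THREAT_RE = re.compile(r"(PBP [A-Za-z ]+)\((\d+)\)")
CONGESTION_RE = re.compile(
    r"Packet buffer congestion is (\d+)/(\d+) \((\d+)%\)\(alert threshold is (\d+)%\)"
)

def parse_congestion(description):
    """Return (used, total, percent, threshold) from a System log description, or None."""
    m = CONGESTION_RE.search(description)
    return tuple(int(g) for g in m.groups()) if m else None

def summarize_pbp(threat_rows):
    """Map each source IP to per-threat-ID counts and the highest PBP stage seen."""
    summary = defaultdict(lambda: {"counts": defaultdict(int), "highest": 0})
    for src, name in threat_rows:  # (Source address, Threat/Content Name)
        m = THREAT_RE.search(name)
        if not m:
            continue  # not a PBP entry
        tid = int(m.group(2))
        if PBP_STAGES.get(tid) != m.group(1):
            continue  # ID and name do not match a PBP signature
        entry = summary[src]
        entry["counts"][tid] += 1
        entry["highest"] = max(entry["highest"], tid)
    return {ip: {"counts": dict(e["counts"]), "highest": PBP_STAGES[e["highest"]]}
            for ip, e in summary.items()}

# Constructed sample data modeled on the log examples on this page.
SAMPLE_SYSTEM = "Packet buffer congestion is 14272/17203 (82%)(alert threshold is 40%)."
SAMPLE_THREATS = [
    ("10.10.10.10", "PBP Packet Drop(8507)"),
    ("10.10.10.10", "PBP Packet Drop(8507)"),
    ("10.10.10.10", "PBP Session Discarded(8508)"),
    ("10.10.20.20", "PBP IP Blocked(8509)"),    # constructed source address
    ("10.10.30.30", "Some Other Flood(9999)"),  # constructed non-PBP entry
]

if __name__ == "__main__":
    print(parse_congestion(SAMPLE_SYSTEM))
    for ip, info in summarize_pbp(SAMPLE_THREATS).items():
        print(ip, info)
```

A source that reaches "PBP IP Blocked" while the System log still reports congestion above the alert threshold is the first place to look when correlating the two logs.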