EDL message :"Downloaded file is not a text file. Using old copy for refresh"
36681
Created On 03/12/19 18:02 PM - Last Modified 04/19/24 19:48 PM
Symptom
System Logs contain messages like: "Downloaded file is not a text file. Using old copy for refresh"
Note: EDL names are just for illustration.
system logs from CLI:
2019/04/12 16:01:40 medium general general 0 EDL(EDL-not-text-extension-is-txt) Downloaded file is not a text file. 2019/04/12 16:01:40 medium general general 0 EDL(EDL-not-text) Downloaded file is not a text file. 2019/04/12 16:01:40 medium general general 0 EDL(EDL-empty) Downloaded file is not a text file.
WebGUI:
Sometimes you may see those errors even during commit:
Environment
- PAN-OS
- EDL configured
Cause
The system logs are not errors per se
They are "medium" severity messages that are printed, in the following conditions:
- The downloaded file is NOT in text file format.
- The text file is empty.
- The server returns any other server response code other than 200OK.
By design HTML/HTTP error codes are not recorded and a generic message is printed.
In essence, If the downloaded file is not text file, it logs that it is not a text file.
It doesn't save the output error response received from remote server.
Resolution
- Manually try accessing the EDL server and check contents.
- Run tcp dump on management interface and check the downloaded file (easier if it is http/non-encrypted).
- Rectify the source file format and ensure:
- The list is not empty
- The file format is text.
> file -b --mime-type "xxx.txt" application/octet-stream
> file -b --mime-type "yyy.txt" text/plainThe first file xxx.txt is "application/octet-stream", though it has .txt extension.
A plain text file should have the type as "text/plain".
If it is due to server-side errors, then you can contact the server administrator (in case of locally administered server
Use an alternate/ different EDL server.
Additional Information
You can set up your own EDL server using MineMeld:
https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/minemeld
https://live.paloaltonetworks.com/t5/MineMeld/ct-p/MineMeld
https://docs.paloaltonetworks.com/autofocus/autofocus-admin/autofocus-apps/minemeld
On wireshark pcaps you can verify the http header to see the file format.
text file:
HTTP/1.1 200 OK Date: Fri, 12 Apr 2019 22:51:59 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Fri, 12 Apr 2019 22:39:01 GMT ETag: "0-5865cf820f18a" Accept-Ranges: bytes Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/plain
docx file:
HTTP/1.1 200 OK Date: Fri, 12 Apr 2019 22:52:37 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Fri, 12 Apr 2019 22:39:44 GMT ETag: "2dc4-5865cfaaa9a0c" Accept-Ranges: bytes Content-Length: 11716 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
file with extension .txt but actual file is not text:
HTTP/1.1 200 OK Date: Fri, 12 Apr 2019 22:53:05 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Fri, 12 Apr 2019 22:39:23 GMT ETag: "2dc4-5865cf96e60eb-gzip" Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 9009 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/plain