Why is the log-forwarding email subject truncated after upgrading PAN-OS?

Created On 06/10/21 05:44 AM - Last Modified 08/11/23 02:13 AM


Question


  • Upgrade of PAN-OS from 8.1 to 9.0 or later
  • After the upgrade, why is the log-forwarding email subject truncated? Example below:
"Subject: PA-820-1 - THREAT ALERT : medium : xxx.xxx.xxx.xxx-> yyy.yyy.yyy.yyy Suspicious DNS Query (generic:00230.c..."


 


Environment


  • Platform: All
  • PAN-OS: 9.0+
  • Using log-forwarding with email


Answer


  1. Before PAN-OS 9.0, the entire object was included in the subject of the email.
  2. For some of the newer events, this object can be 512 bytes long.
  3. This object is also included in the body of the email, which makes its presence in the subject redundant.
  4. For this reason, the maximum length of the email subject in PAN-OS 9.0 or later is set to 100 bytes.

