日语 (UTF-8) “文件名”将在数据过滤日志中更改为空格或无意义数字,以便进行 boxnet 下载或网络借用
5569
Created On 02/16/23 00:18 AM - Last Modified 02/02/24 06:10 AM
Symptom
对于上传到某些门户网站的“PaloaltoぱろあるとTestテスト.xlsx .xlsx”文件名,策略实施按预期工作,但日语文件名将在数据过滤日志中出现乱码,如下所示。
admin@GPGW_587822_ap-northeast-1_nippo> show log data receive_time in last-15-minutes direction equal backward app equal boxnet-downloading Time App From Src Port Source Rule Action To Dst Port Destination Severity Src User Dst User Threat Pcap_id Rule_UUid File Name ========================================================================================== 2023/xx/xx 16:10:42 boxnet-download trust 58600 10.10.0.4 file-upload-test-fo deny untrust 443 xx.xx.xx.xx low user01 ZIP(52004) 0 7b624028-80a4-4a09-ab6c-ad9420eac9ae Paloalto Test .xlsx 2023/xx/xx 16:09:37 boxnet-download trust 58600 10.10.0.4 file-upload-test-fo deny untrust 443 xx.xx.xx.xx low user01 ZIP(52004) 0 7b624028-80a4-4a09-ab6c-ad9420eac9ae Paloalto Test .xlsx admin@GPGW_587822_ap-northeast-1_nippo> show log data receive_time in last-15-minutes direction equal backward app equal web-browsing Time App From Src Port Source Rule Action To Dst Port Destination Severity Src User Dst User Threat Pcap_id Rule_UUid File Name ========================================================================================== 2023/xx/xx 15:32:43 web-browsing trust 52005 10.10.0.4 file-upload-test-fo deny untrust 443 xx.xx.xx.xx low user01 ZIP(52004) 0 7b624028-80a4-4a09-ab6c-ad9420eac9ae 1674455557.822.40031.201129602.xlsx 2023/xx/xx 15:32:37 web-browsing trust 52001 10.10.0.4 file-upload-test-fo deny untrust 443 xx.xx.xx.xx low user01 ZIP(52004) 0 7b624028-80a4-4a09-ab6c-ad9420eac9ae 1674455552.0716.21153.201129601.xlsx
Environment
棱镜访问
Cause
这些文件名“Paloalto Test .xlsx”或“1674455557.822.40031.201129602.xlsx”文件名实际上是从这些门户生成的有效负载中检索的。
Resolution
这是按照当前设计工作的。