After upgrading to PAN-OS 10.1.5, syslog contains unexpected values in several fields.
Created On 05/26/22 08:44 AM - Last Modified 06/25/25 02:21 AM
Symptom
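- After upgrading to PAN-OS 10.1.5, syslog contains unexpected values in several fields.
- This issue occurs in threat-type logs, including URL Filtering and WildFire Submissions logs.
- Exported CSV logs are also affected.
- The following fields have unexpected values:
  - Source Dynamic Address Group
  - Cloud
  - X-Forwarded-For
  - Referer
  - Sender
  - Subject
  - Recipient
  - file_url
  - HTTP Headers
  - URL Category List
  - Destination Dynamic Address Group
  - Justification
- In this syslog entry, "computer-and-internet-info,low-risk" is recorded in those fields.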
May 12 19:28:56 PA-VM 1,2022/05/12 19:28:56,00XXXXXXXXXXXX,THREAT,virus,2561, 2022/05/12 19:28:56,172.16.1.1,89.238.73.97,10.1.1.38,89.238.73.97,Trust-to-Untrust,,,web-browsing,vsys1,L3-Trust,L3-Untrust,ethernet1/6,ethernet1/3,log-forwarding, 2022/05/12 19:28:56,143,1,41916,443,53156,443,0x1402000,tcp,reset-server,"secure.eicar.org/eicar.com",Eicar Test File(100000),computer-and-internet-info,medium,server-to-client,7096783645267984433,0x0,172.16.0.0-172.31.255.255, Germany,,,0,,"computer-and-internet-info,low-risk",1,,,"computer-and-internet-info,low-risk","computer-and-internet-info,low-risk","computer-and-internet-info,low-risk", "computer-and-internet-info,low-risk","computer-and-internet-info,low-risk",0,0,0,0,0,,PA-VM,"computer-and-internet-info,low-risk",,,,0,,0,,N/A,js,Antivirus-0-0,0x0,0,4294967295, "computer-and-internet-info,low-risk","computer-and-internet-info,low-risk",6203a7f4-d76f-4dcb-9c07-1de7b171f633,0,,,,,,,,,,,,,,,,,,,,,,,,,,,"computer-and-internet-info,low-risk", "computer-and-internet-info,low-risk",0,2022-05-12T19:28:56.588+09:00,,"computer-and-internet-info,low-risk",,internet-utility,general-internet,browser-based,4, "used-by-malware,able-to-transfer-file,has-known-vulnerability,tunnel-other-application,pervasive-use",,web-browsing,no,no
Environment
- Palo Alto Firewall
- PAN-OS 10.1.5, 10.1.5-h1 and 10.1.5-h2
Cause
- The issue is PAN-193579. It causes existing values in a buffer to be copied into the log output.
- It is fixed in PAN-OS 10.1.6.
Resolution
Upgrade PAN-OS to 10.1.6.
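For syslog or CSV entries already collected from an affected version, a log pipeline can flag the fields that carry the repeated value so they are not trusted downstream. The following is an added example, not Palo Alto Networks code; the function names, the repeat threshold and the shortened sample lines are assumptions constructed for illustration.

```python
import csv
from collections import Counter

# Constructed, shortened samples modelled on the entry shown under Symptom.
AFFECTED = ('May 12 19:28:56 PA-VM 1,2022/05/12 19:28:56,00XXXXXXXXXXXX,THREAT,'
            'virus,2561,172.16.1.1,89.238.73.97,web-browsing,'
            '"secure.eicar.org/eicar.com",computer-and-internet-info,medium,,'
            '"computer-and-internet-info,low-risk",1,,'
            '"computer-and-internet-info,low-risk", '
            '"computer-and-internet-info,low-risk",0,'
            '"used-by-malware,able-to-transfer-file"')
CLEAN = ('May 12 19:30:02 PA-VM 1,2022/05/12 19:30:02,00XXXXXXXXXXXX,THREAT,'
         'virus,2561,172.16.1.1,89.238.73.97,web-browsing,'
         '"secure.eicar.org/eicar.com",computer-and-internet-info,medium,,'
         '"computer-and-internet-info,low-risk",1,,,,0,'
         '"used-by-malware,able-to-transfer-file"')


def suspect_fields(syslog_line, min_fields=3):
    """Return {field_index: value} for fields holding a repeated list value.

    Heuristic (an assumption of this example): a quoted comma-separated list,
    such as a URL category list, normally occupies a single field, so the
    same list appearing in min_fields or more fields marks those fields as
    buffer residue rather than real data.
    """
    # skipinitialspace tolerates a space between a comma and an opening quote.
    fields = next(csv.reader([syslog_line], skipinitialspace=True))
    counts = Counter(f for f in fields if "," in f)
    leaked = {value for value, n in counts.items() if n >= min_fields}
    return {i: f for i, f in enumerate(fields) if f in leaked}


def triage(lines, min_fields=3):
    """Return [(line_number, suspect_field_count)] for affected entries."""
    hits = []
    for number, line in enumerate(lines, 1):
        suspects = suspect_fields(line, min_fields)
        if suspects:
            hits.append((number, len(suspects)))
    return hits


if __name__ == "__main__":
    for number, count in triage([CLEAN, AFFECTED]):
        print(f"line {number}: {count} fields carry a repeated list value")
```

The returned indexes include the field that legitimately holds the list, because the check cannot tell which occurrence is genuine.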