Overview
When users download the Umbrella logs from either Cisco's managed S3 bucket or their own S3 bucket, some Cloud Delivered Firewall (CDFW) log entries contain empty values for the "sourcePort" and "destinationPort" fields.
Explanation
Whether or not the internal port information of the user traffic is available depends on the protocol of the traffic. Since ICMP traffic does not have port numbers, no port information will be logged.
"2020-06-09 18:52:38","[419244240]","raspberrypi","Network Tunnels",
"OUTBOUND","1","84","192.168.64.112","","8.8.8.8","","nyc1.edc",
"1614180","ALLOW"
When TCP or UDP traffic is logged, the port information is displayed.
"2020-06-09 18:53:49","[419244240]","raspberrypi","Network Tunnels",
"OUTBOUND","17","75","192.168.64.112","57405","8.8.8.8","53","nyc1.edc",
"1614180","ALLOW"
More information on CDFW logs can be found here: Log Format and Versioning - Cloud Firewall Logs
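The following Python sketch is an added example, not part of Cisco's documentation. It parses CDFW log records and separates empty port fields that are expected (a protocol without ports, such as ICMP) from those worth a second look (TCP or UDP with no ports). The column positions are an assumption inferred from the two sample records above, and the third record in the sample data is constructed for illustration.

```python
import csv
import io

# Column positions inferred from the sample records on this page (assumption).
IP_PROTOCOL, SRC_PORT, DST_PORT = 5, 8, 10

# IANA protocol numbers for the protocols that carry port numbers.
PORT_PROTOCOLS = {"6": "TCP", "17": "UDP"}

# Records 1 and 2 are the page's samples joined onto one line each.
# Record 3 is constructed: a TCP entry with empty ports.
SAMPLE_LOG = '''
"2020-06-09 18:52:38","[419244240]","raspberrypi","Network Tunnels","OUTBOUND","1","84","192.168.64.112","","8.8.8.8","","nyc1.edc","1614180","ALLOW"
"2020-06-09 18:53:49","[419244240]","raspberrypi","Network Tunnels","OUTBOUND","17","75","192.168.64.112","57405","8.8.8.8","53","nyc1.edc","1614180","ALLOW"
"2020-06-09 18:54:10","[419244240]","raspberrypi","Network Tunnels","OUTBOUND","6","60","192.168.64.112","","8.8.8.8","","nyc1.edc","1614180","ALLOW"
'''


def classify(row):
    """Return how the port fields of one parsed record should be read."""
    if row[SRC_PORT] and row[DST_PORT]:
        return "ports-present"
    if row[IP_PROTOCOL] in PORT_PROTOCOLS:
        # TCP/UDP always has ports, so an empty field here is not
        # explained by the protocol and deserves investigation.
        return "unexpected-empty"
    # ICMP and other portless protocols: empty fields are normal.
    return "expected-empty"


def triage(text):
    """Parse CSV log text into (timestamp, protocol number, classification)."""
    results = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) <= DST_PORT:
            continue  # skip blank or truncated lines
        results.append((row[0], row[IP_PROTOCOL], classify(row)))
    return results


if __name__ == "__main__":
    for timestamp, protocol, verdict in triage(SAMPLE_LOG):
        print(timestamp, "protocol", protocol, verdict)
```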