https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-client-log-dump-format/m-p/590945#M5524 <P>There is so much data here that it can be hard to define in a single post.&nbsp; What I would start with is the first number (P5200-T7744). These are the Process Identification Numbers (PID) of the service and threads that are running. The number after that (1916) is the command being sent.<BR /><BR />In the PanGPS file for example you can look up the command 25 to see newly started threads.&nbsp;<BR /><BR />(P16240-T48584)Debug( 25): 06/26/24 09:07:22:689 create thread 0x5dc720 with thread ID 45612<BR />(P6668-T16780)Debug( 25): 06/28/24 14:06:22:680 create thread 0xb18 with thread ID 39684<BR /><BR />If you search for the ID then next line that contains the number it should give you an idea of what the thread is doing. Some threads will give the name of the process, but in the example of the gateway being checked it will not provide a name.<BR /><BR />(P16240-T45612)Debug( 449): 06/26/24 09:07:22:689 VpnProcMonitor thread starts</P> <P>(P6668-T39684)Debug(5717): 06/28/24 14:06:22:696 getaddrinfo host.GetString() xxx.gpcloudservice.com</P> <P>&nbsp;</P> <P>So searching for the string in the first parenthesis will provide you what occurred during the life cycle of the thread.&nbsp; Be aware that some threads will remain active through out the logs and so some data will be missing due to log roll-over.&nbsp; Hope that helps some.</P> Tue, 02 Jul 2024 15:31:23 GMT gshort 2024-07-02T15:31:23Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-client-log-dump-format/m-p/487692#M2780 <P>Hi,</P><P>I would like to parse and correlate multiple .log files from GP log dump.<BR /><BR />Example log from PanGPS.log</P><P>&nbsp;</P><PRE>(P5200-T7744)Debug(1916): 05/16/22 12:47:28:106 Send response to client for request hip-ack │<BR />(P5200-T7744)Dump (11923): 05/16/22 12:47:28:106 Set m_bPreviousSwitchOffMsg to 0</PRE><P>&nbsp;Do you know what are the types/meaning of the fields?<BR /><BR />Thank you</P> Tue, 17 May 2022 06:52:38 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-client-log-dump-format/m-p/487692#M2780 Martin_Zichacek 2022-05-17T06:52:38Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-client-log-dump-format/m-p/590945#M5524 <P>There is so much data here that it can be hard to define in a single post.&nbsp; What I would start with is the first number (P5200-T7744). These are the Process Identification Numbers (PID) of the service and threads that are running. The number after that (1916) is the command being sent.<BR /><BR />In the PanGPS file for example you can look up the command 25 to see newly started threads.&nbsp;<BR /><BR />(P16240-T48584)Debug( 25): 06/26/24 09:07:22:689 create thread 0x5dc720 with thread ID 45612<BR />(P6668-T16780)Debug( 25): 06/28/24 14:06:22:680 create thread 0xb18 with thread ID 39684<BR /><BR />If you search for the ID then next line that contains the number it should give you an idea of what the thread is doing. Some threads will give the name of the process, but in the example of the gateway being checked it will not provide a name.<BR /><BR />(P16240-T45612)Debug( 449): 06/26/24 09:07:22:689 VpnProcMonitor thread starts</P> <P>(P6668-T39684)Debug(5717): 06/28/24 14:06:22:696 getaddrinfo host.GetString() xxx.gpcloudservice.com</P> <P>&nbsp;</P> <P>So searching for the string in the first parenthesis will provide you what occurred during the life cycle of the thread.&nbsp; Be aware that some threads will remain active through out the logs and so some data will be missing due to log roll-over.&nbsp; Hope that helps some.</P> Tue, 02 Jul 2024 15:31:23 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-client-log-dump-format/m-p/590945#M5524 gshort 2024-07-02T15:31:23Z