https://live.paloaltonetworks.com/t5/general-topics/syslogs-vs-traffic-logs-in-monitor/m-p/375881#M89235 <P>Good evening,</P><P>&nbsp;</P><P>I am working on a project that requires the use of&nbsp;<A href="https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/monitoring/view-and-manage-logs/log-types-and-severity-levels/threat-logs" target="_self">threat logs</A> and traffic logs of an institution with which I am affiliated. Our security manager can provide me access to our threat logs via the Monitor tab in PAN-OS. However, we are experiencing difficulty finding the traffic logs I need.</P><P>&nbsp;</P><P>I am looking for specific traffic logs, including the following features described in <A href="https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/traffic-log-fields" target="_blank" rel="noopener">Traffic Log Fields</A>:</P><UL><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Serial Number</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Type</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Threat/Content Type</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Generate Time</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Session ID</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Repeat Count</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Flags</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Action</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Bytes</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Bytes Sent, Bytes Received</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Packets, Packets Sent, Packets Received</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Start Time</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Elapsed Time</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Session End Reason</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Device Name</SPAN></FONT></LI></UL><P><FONT face="arial,helvetica,sans-serif"><SPAN>In conversations with the security manager, he says, "that articles refers to what you can push to syslog.. our logrythm system. Not what you can see on their logs. I am trying to see what else we can view." When I asked for clarification, he stated, "The document you cite is in regards&nbsp;to data sent to syslogs, not what is actually available via our log export on the traffic section of monitor." He isn't sure how or where we can find the aforementioned data features I am looking for.</SPAN></FONT></P><P>&nbsp;</P><P><FONT face="arial,helvetica,sans-serif"><SPAN>I have two questions:</SPAN></FONT></P><OL><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Is there a relatively easy way for someone who has access to PAN-OS to download traffic log data containing those fields?</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>What is the difference between the logs in Monitor versus those in the Syslog?</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>What data is available via log export from the web interface? Can I include the fields in my list above that are missing from the logs he found in the web interface?</SPAN></FONT></LI></OL><P><FONT face="arial,helvetica,sans-serif"><SPAN>Thank you so much for your help. I am brand new to PAN-OS, and my coworker is doing me a favor by getting logs for me, so I want to be sure we can find them before I ask him to look again.</SPAN></FONT></P> Wed, 23 Dec 2020 01:11:49 GMT mjackson1 2020-12-23T01:11:49Z https://live.paloaltonetworks.com/t5/general-topics/syslogs-vs-traffic-logs-in-monitor/m-p/375881#M89235 <P>Good evening,</P><P>&nbsp;</P><P>I am working on a project that requires the use of&nbsp;<A href="https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/monitoring/view-and-manage-logs/log-types-and-severity-levels/threat-logs" target="_self">threat logs</A> and traffic logs of an institution with which I am affiliated. Our security manager can provide me access to our threat logs via the Monitor tab in PAN-OS. However, we are experiencing difficulty finding the traffic logs I need.</P><P>&nbsp;</P><P>I am looking for specific traffic logs, including the following features described in <A href="https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/traffic-log-fields" target="_blank" rel="noopener">Traffic Log Fields</A>:</P><UL><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Serial Number</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Type</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Threat/Content Type</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Generate Time</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Session ID</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Repeat Count</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Flags</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Action</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Bytes</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Bytes Sent, Bytes Received</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Packets, Packets Sent, Packets Received</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Start Time</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Elapsed Time</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Session End Reason</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Device Name</SPAN></FONT></LI></UL><P><FONT face="arial,helvetica,sans-serif"><SPAN>In conversations with the security manager, he says, "that articles refers to what you can push to syslog.. our logrythm system. Not what you can see on their logs. I am trying to see what else we can view." When I asked for clarification, he stated, "The document you cite is in regards&nbsp;to data sent to syslogs, not what is actually available via our log export on the traffic section of monitor." He isn't sure how or where we can find the aforementioned data features I am looking for.</SPAN></FONT></P><P>&nbsp;</P><P><FONT face="arial,helvetica,sans-serif"><SPAN>I have two questions:</SPAN></FONT></P><OL><LI><FONT face="arial,helvetica,sans-serif"><SPAN>Is there a relatively easy way for someone who has access to PAN-OS to download traffic log data containing those fields?</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>What is the difference between the logs in Monitor versus those in the Syslog?</SPAN></FONT></LI><LI><FONT face="arial,helvetica,sans-serif"><SPAN>What data is available via log export from the web interface? Can I include the fields in my list above that are missing from the logs he found in the web interface?</SPAN></FONT></LI></OL><P><FONT face="arial,helvetica,sans-serif"><SPAN>Thank you so much for your help. I am brand new to PAN-OS, and my coworker is doing me a favor by getting logs for me, so I want to be sure we can find them before I ask him to look again.</SPAN></FONT></P> Wed, 23 Dec 2020 01:11:49 GMT https://live.paloaltonetworks.com/t5/general-topics/syslogs-vs-traffic-logs-in-monitor/m-p/375881#M89235 mjackson1 2020-12-23T01:11:49Z https://live.paloaltonetworks.com/t5/general-topics/syslogs-vs-traffic-logs-in-monitor/m-p/375981#M89239 <P>logs that are forwarded to syslog need to have some fields added to be 'compatible' with syslog that don't necessarily make sense in the firewall's own log views (threat has its own view vs traffic, so in the GUI they're split up while in syslog some need to be combined to make sense to the syslog server)</P><P>The <STRONG>unified</STRONG> log view offers more 'fields' to pick from as it combines those separate logs in one view, you will be able to pick the ones you need from there and export as csv</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2020-12-23_10-28-19.jpg" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29230i460557FF3DBAC067/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="2020-12-23_10-28-19.jpg" alt="2020-12-23_10-28-19.jpg" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 23 Dec 2020 09:34:36 GMT https://live.paloaltonetworks.com/t5/general-topics/syslogs-vs-traffic-logs-in-monitor/m-p/375981#M89239 reaper 2020-12-23T09:34:36Z