Panorama configuration log, anyone?

by ‎08-21-2017 06:08 AM - edited ‎08-22-2017 09:25 AM (7,663 Views)

This log displays an entry for each configuration. Each entry includes the date and time, the administrator user name, the IP address from where the change was made, the type of client (web interface or CLI), the type of command executed, whether the command succeeded or failed, the configuration path, and the values before and after the change.

 

However, sometimes the menu option might be missing in Panorama.  Our member, @howardtopher, had this exact issue and reached out to the Live Community discussion forum for assistance.

 

discussion forum topicdiscussion forum topic

He knew that those logs must be there because on the main dashboard there is a small widget showing the latest 'Config Logs' as seen in the illustration below:

 

Config Logs WidgetConfig Logs WidgetThe problem was that under the 'Monitor' tab, he saw no 'Configuration' log menu, making it difficult to find any of those logs.

 

No Configuration menuNo Configuration menu

Sure, you can work your way through the CLI and get the desired config logs:

 

 

admin@Panorama> show log config direction equal backward
A maximum of 500 of last 7 day's logs will be displayed. Please use 'scp export log ...' if more logs are needed Time Generated      Time                Host            Command   Admin      Client Result     Serial ======================================================================================================== 2017/08/21 05:17:53 2017/08/21 05:17:53 10.192.16.164   commit    admin      Web    Submitted 0007emea1 2017/08/21 05:17:45 2017/08/21 05:17:45 10.192.16.164   rename    admin      Web    Succeeded 0007emea1 2017/08/21 05:17:45 2017/08/21 05:17:45 10.192.16.164   edit      admin      Web    Succeeded 0007emea1

 

That'll work but that's not very user friendly, is it...?

 

Instead, you just would like to have config logs, similar to the ones you have on your firewalls, easily accessible through the GUI.

 

On Panorama, the configuration log also exists ... you just have to make sure NOT to select a Device Group on the Monitor tab. Instead, make sure that the drop-down menu is set to 'All'.  In doing so, you'll see an immediate change in the menu structure on the left side showing you the previously missing 'Configuration' menu:

 

Device Group AllDevice Group All

 

This trick helped our member and I hope this little technique might be useful for other users out there!

 

Check out the full discussion in the link below if you would like to add your comment, or feel free to ask questions or post comments below!

 

https://live.paloaltonetworks.com/t5/General-Topics/Panorama-configuration-logs/m-p/171933#M54310

 

Cheers!

-Kiwi.

 

 

 

 

 

 

Comments
by vsys_remo
on ‎08-22-2017 11:06 AM

You have to use the same trick to see the system logs ;)

Ask Questions Get Answers Join the Live Community
Top Liked Posts