Filtering Traffic Logs for Only Unidentified Users

Filtering Traffic Logs for Only Unidentified Users

32067
Created On 09/25/18 17:50 PM - Last Modified 06/12/23 16:55 PM


Resolution


Overview

In Captive Portal scenarios, traffic flows through the Palo Alto Networks device for unidentified users. The traffic logs show an empty Source User for unidentified users:

 

No filter is available to view only the logs that have an empty Source User column.

 

Resolution

To view only the logs that empty or unidentified Source Users:

  1. On the Monitor > Logs > Traffic page, click the Add Filter button (green plus icon).
  2. Configure the filter with Attribute = Source User and Operator = is present:
    The filter gets added as (user.src neq '').
  3. Remove the 'n' from 'neq,' so that the filter appears as (user.src eq '').
  4. Click the Apply Filter button (green arrow) to activate the filter.
    9892_pastedImage_4.png

owner: kadak
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClKJCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language