Vlan information in logs

Reply
Highlighted
Not applicable

Vlan information in logs

Device: PA-2050

OS: PANOS-3.0.6

Hi

I have a question about Vlan. In the different logs you cant find "source vlan" anywhere. I belive this is cause Palo Alto is a zone based firewall and you should use zones to separate different network types rather than interfaces and vlans.

However...

When doing troubleshooting, vlan information would be really good in the traffic and threat logs. And when you connect a Palo Alto using a tap port you cannot even create different zones for different vlans cause the TAP interfaces can't be assigned to vlans.

The reason i'm asking is because of this scenario:

1 Palo Alto hooked up using 1 TAP port. This TAP port contains several vlans. When i examine the logs afterward it all shows up as the security zone connected to the tap interface. I want to be able to tell which alarms triggered on what vlannumber.

/Henrik

L4 Transporter

Re: Vlan information in logs

Hello Henrik,

currently there is nothing in our Monitor logs that allow you to filter by a vlan number.

Howerver if you click on the green button for the "add filtering expression" you will see varying filtering options that may help.

Perhaps you could filter on source/destingation ip, port, or interface.

thank you,

Stephen

Not applicable

Re: Vlan information in logs

Hi

Thank you for your reply.

Unfortunately the point of checking the vlan field in the monitoring logs its to feed another system with information. This system wants vlan information in order to sort logs into separate containers. And since all traffic are coming in on a TAP port with multiple vlans interface filtering is rellly not applicable.

Since we get the logs either by syslog or scp/cli access is there a way to see the vlan information in the cli with the "show logs" or something?

And also, do you have any plans on implementing vlan information in the monitoring logs in the future?

//Henrik

L4 Transporter

Re: Vlan information in logs

Hello Henrik,

I created a feature request for the vlan information to be added to the (traffic) logging.

Keep an eye on feature releases to see if it has been implemented :-).

Marcel

L4 Transporter

Re: Vlan information in logs

Great..thanks.

Not applicable

Re: Vlan information in logs

Great, thanks Marcel.

If you also could add it to the "threat-logs" aswell that would be super-great :smileyhappy:

//Henrik

Not applicable

Re: Vlan information in logs

Any news on when this feature will be available?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!