search traffic logs by vsys in CLI

Does anyone know how to specify your traffic logs by vsys and add multiple search parameters of the same type like you can in the GUI? We are running PanOS 4.1.7. Notice that the app option does not show up anymore and there is no vsys option.

PA-1(active)> show log traffic action equal deny app not-equal not-applicable
+ csv-output     csv-output
+ direction      direction
+ dport          dport
+ dst            dst
+ dstuser        dstuser
+ end-time       end-time
+ from           from
+ query          query
+ receive_time   receive_time
+ rule           rule
+ sport          sport
+ src            src
+ srcuser        srcuser
+ start-time     start-time
+ to             to
  |              Pipe through a command

Re: search traffic logs by vsys in CLI

I can't find it either when looking through the CLI manual for PANOS 4.1.

It seems that only the alarm facility has the vsys option to filter on when doing show log:

> traffic — Displays traffic logs
+ action — Action equals or does not equal allow, deny, or drop
+ app — Equals or does not equal value
+ csv-output — Equals CSV output (no or yes)
+ direction — Backward or forward direction
+ dport — Destination port equals or does not equal (0-65535)
+ dst — Destination IP address in or not in (x.x.x.x/y or IPv6/netmask)
+ dstuser — Equals destination user name
+ end-time — Ending date and time YYYY/MM/DD@hh:mm:ss (e.g., 2011/08/01@10:00:00)
+ from — Equals or does not equal value
+ query — Equal to query value
+ receive_time — Receive time in the last specified time period (press <tab> for list)
+ rule — Equals or does not equal rule value
+ sport — Source port equals or does not equal (0-65535)
+ src — Source IP address in or not in (x.x.x.x/y or IPv6/netmask)
+ srcuser — Equals source user name
+ start-time — Starting date and time YYYY/MM/DD@hh:mm:ss (e.g., 2011/08/01@10:00:00)
+ to — Equals or does not equal value
