Want to check logging rate and disk-utilization used in M200 for log types


L3 Networker

We have configured a collector group config with a local log collector. All firewalls are forwarding logs to the collector, and we can see the log incoming rate in Panorama for traffic and threat. But for URL, Wildfire and other types of logs, the logging rate is not showing. We also want to check the disk utilized by each log type in the collector. We can see the overall details and the summary log quota, but no disk utilization is showing for individual log types. Also, in the firewall log forwarding status, the logging rate is not showing for URL, Wildfire and other types of logs.

 

URL-filtering, Wildfire logs and data-filtering logs come under which log types? Can we count these under traffic logs?
If we want to forward only URL-filtering logs to Panorama, is log forwarding of traffic logs necessary?

 

 

Panorama :

(primary-active)> debug log-collector log-collection-stats show incoming-logs

Deepak25_1-1628884239840.png

 

 

Firewall :

Deepak25_0-1628884038538.png

 


Accepted Solutions

L4 Transporter

@Deepak25 URL Filtering, File, Data and Wildfire are all subtypes of the Threat logs, not the Traffic Logs. Each of these is sent in the threat logs with the relevant "Threat/Content Type (subtype)" field, e.g. "data", "wildfire", "url".

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslo...

 

Answering your second question, you can be very granular in choosing which logs are forwarded externally, and you can indeed forward a particular subtype (for example URL filtering logs) to a log collector, without needing to forward all traffic logs.

 


@batd2 Just want to reconfirm.

As you said, url-filtering is coming under threat logs in detailed log types.

So if I want to forward only url-filtering logs, log forwarding of threat logs is not required. Is it correct?

L4 Transporter

@Deepak25 Yes, you can configure only url log forwarding. 

It is a little bit confusing: as mentioned previously, data, url, spyware, etc. are all subtypes of the Threat syslog. However, when building your log forwarding profile object (Objects > Log Forwarding), threat has a different meaning. Threat will cover any threat subtype which does not have a specific log type selector, e.g. spyware, virus, vulnerability. URL, data and wildfire logs will not be sent if you configure only log type "threat".
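The subtype-versus-selector behaviour described in the replies above, as an added example that is not part of the original thread or Palo Alto's tooling: it tallies forwarded syslog records by the Log Forwarding selector that governs them and derives a per-selector rate. It assumes the syslog header has already been stripped, that records start with the fields FUTURE_USE, Receive Time, Serial Number, Type, Threat/Content Type, and that only url, data and wildfire have their own selector (as stated in the reply); the sample records and function names are constructed.

```python
import csv
from collections import Counter
from datetime import datetime

# Threat subtypes with their own log type selector, per the reply above.
# Any other threat subtype is governed by the "threat" selector.
OWN_SELECTOR = {"url", "data", "wildfire"}

# Constructed sample records, truncated after the subtype field.
SAMPLE = """\
1,2021/08/13 10:15:00,001234567890,TRAFFIC,end
1,2021/08/13 10:15:01,001234567890,THREAT,url
1,2021/08/13 10:15:02,001234567890,THREAT,url
1,2021/08/13 10:15:03,001234567890,THREAT,spyware
1,2021/08/13 10:15:04,001234567890,THREAT,wildfire
garbage line that is not a PAN-OS record
1,2021/08/13 10:15:05,001234567890,TRAFFIC,end
1,2021/08/13 10:15:06,001234567890,THREAT,vulnerability
1,2021/08/13 10:15:07,001234567890,THREAT,data
1,2021/08/13 10:15:08,001234567890,THREAT,url
1,2021/08/13 10:15:10,001234567890,THREAT,virus
"""

def selector_for(log_type, subtype):
    """Map a record's Type/subtype to the profile selector that forwards it."""
    log_type, subtype = log_type.strip().upper(), subtype.strip().lower()
    if log_type == "THREAT":
        return subtype if subtype in OWN_SELECTOR else "threat"
    return log_type.lower()

def rates_by_selector(lines):
    """Return {selector: (count, logs_per_second)} over the observed window."""
    counts, times = Counter(), []
    for row in csv.reader(lines):
        if len(row) < 5:
            continue  # short or malformed line
        try:
            ts = datetime.strptime(row[1].strip(), "%Y/%m/%d %H:%M:%S")
        except ValueError:
            continue  # receive time not in the expected format
        times.append(ts)
        counts[selector_for(row[3], row[4])] += 1
    if not times:
        return {}
    window = max((max(times) - min(times)).total_seconds(), 1.0)
    return {sel: (n, n / window) for sel, n in counts.items()}

if __name__ == "__main__":
    for sel, (n, rate) in sorted(rates_by_selector(SAMPLE.splitlines()).items()):
        print(f"{sel:10s} {n:3d} logs  {rate:.2f} logs/sec")
```

Run against a syslog capture, a selector with a zero count (for example url) while threat is non-zero points to a profile that only enables the "threat" log type.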
