GlobalProtect client logging

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

GlobalProtect client logging

L2 Linker

Hello,

The GlobalProtect version we are using is 2.0.4 (the free single gateway version in on demand mode), the firewall is on 5.0.8. The problem I am hearing about is that some people are having trouble connecting, the icon spins and is not able to connect. They are able to hit the web so the plumbing is working good enough for http traffic but perhaps there are other issues. The only help from the firewall I can find is a log stating a disconnect for timeout. Is there any way for me to enable globalprotect logging on the client that I can retrieve myself without involving them in the process of asking them to enable it? Ideally I would like to enable debug logging and use the splunk forwarder to send the logs without any effort on their part. Is this possible?

1 accepted solution

Accepted Solutions

I'm going to answer my own question...

It looks like the log files are always enabled and being updated in program files\palo alto networks\globalprotect. In this folder are all of the log files ready for the taking.

View solution in original post

4 REPLIES 4

L7 Applicator

Hello ldavie ,

You may try below mentioned document: Troubleshooting GlobalProtect, PAN-OS 4.1

Page No-10 (Section 7: How to Troubleshoot GlobalProtect Connection Issues )

Once the logs will be generated on the firewall, you have to find some way to send it to SPLUNK ( may be through a script). GP agent would not be able to send the data to any logging server.

Hope this helps.

Thanks

L7 Applicator

Hello ldavie


You can open GP client window and go to Advance view. Then start logging on the client:

PanGPA/PanGPS logs will be available at C:\Program Files\Palo Alto Networks\GlobalProtect

GP-logs.jpg

Hope this helps.

Thanks

Thanks Hulk, that much I already know. The trouble is that this is already too much to ask my users to do, I need to be able to do this remotely by having a way to configure this from the firewall, or a reg entry to set it always on, or something else so that I can pull and look at the logs whenever I need to without asking the users.

I'm going to answer my own question...

It looks like the log files are always enabled and being updated in program files\palo alto networks\globalprotect. In this folder are all of the log files ready for the taking.

  • 1 accepted solution
  • 3461 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!