This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Is there a log filters quick reference?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Is there a log filters quick reference?

PotStirrer
L1 Bithead

‎07-18-2013 05:29 PM

Is there a log filters quick reference?

0 Likes Likes
2 REPLIES 2

cchristiansen
L3 Networker

‎07-18-2013 06:26 PM

Are you refering to the GUI or command line?  In the GUI, you can click the "?" at the end of the search line and it will give you information about viewing logs.  Also in the GUI, you can click any of the clickable enties within a column and it will put that filter up in the search field for you.  It will always add the next filter as an "and", but if you want, you can change that "and" to "or" if that fits your intended query better.  As for the CLI, you can download the cli guide from the support.paloaltonetworks website for the version of PAN-OS you are running.  You can also just use the "?" on the CLI as well.  For example:

admin@PA-200> show session all filter ?

+ application         Application name

+ count               count number of sessions only

+ destination         destination IP address

+ destination-port    Destination port

+ destination-user    Destination user

+ egress-interface    egress interface

+ from                From zone

+ hw-interface        hardware interface

+ ingress-interface   ingress interface

+ min-kb              minimum KB of byte count

+ nat                 If session is NAT

+ nat-rule            NAT rule name

+ pbf-rule            Policy-Based-Forwarding rule name

+ protocol            IP protocol value

+ qos-class           QoS class

+ qos-node-id         QoS node-id value

+ qos-rule            QoS rule name

+ rematch             rematch sessions

+ rule                Security rule name

+ source              source IP address

+ source-port         Source port

+ source-user         Source user

+ ssl-decrypt         session is decrypted

+ start-at            Show next 1K sessions

+ state               flow state

+ to                  To zone

+ type                flow type

  |                   Pipe through a command

  <Enter>             Finish input

admin@PA-200> show session all filter

Hope this helps answer your question.  If not, please be more specific and I will try and get you the information you need.

-chadd.

0 Likes Likes

cchristiansen
L3 Networker
In response to cchristiansen

‎07-18-2013 06:32 PM

Also, if you want to search all the logs from the command line you have this option:

admin@PA-200> show log data

+ action                      action

+ app                         app

+ category                    category

+ csv-output                  csv-output

+ direction                   direction

+ dport                       dport

+ dst                         dst

+ dstuser                     dstuser

+ end-time                    end-time

+ from                        from

+ query                       query

+ receive_time                receive_time

+ rule                        rule

+ sport                       sport

+ src                         src

+ srcuser                     srcuser

+ start-time                  start-time

+ suppress-threatid-mapping   suppress-threatid-mapping

+ to                          to

  |                           Pipe through a command

  <Enter>                     Finish input

admin@PA-200> show log data

0 Likes Likes
  • 2567 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks