07-18-2013 05:29 PM
07-18-2013 06:26 PM
Are you referring to the GUI or command line? In the GUI, you can click the "?" at the end of the search line and it will give you information about viewing logs. Also in the GUI, you can click any of the clickable entries within a column and it will put that filter up in the search field for you. It will always add the next filter as an "and", but if you want, you can change that "and" to "or" if that fits your intended query better. As for the CLI, you can download the CLI guide from the support.paloaltonetworks website for the version of PAN-OS you are running. You can also just use the "?" on the CLI as well. For example:
admin@PA-200> show session all filter ?
+ application Application name
+ count count number of sessions only
+ destination destination IP address
+ destination-port Destination port
+ destination-user Destination user
+ egress-interface egress interface
+ from From zone
+ hw-interface hardware interface
+ ingress-interface ingress interface
+ min-kb minimum KB of byte count
+ nat If session is NAT
+ nat-rule NAT rule name
+ pbf-rule Policy-Based-Forwarding rule name
+ protocol IP protocol value
+ qos-class QoS class
+ qos-node-id QoS node-id value
+ qos-rule QoS rule name
+ rematch rematch sessions
+ rule Security rule name
+ source source IP address
+ source-port Source port
+ source-user Source user
+ ssl-decrypt session is decrypted
+ start-at Show next 1K sessions
+ state flow state
+ to To zone
+ type flow type
| Pipe through a command
<Enter> Finish input
admin@PA-200> show session all filter
Hope this helps answer your question. If not, please be more specific and I will try and get you the information you need.
-chadd.
07-18-2013 06:32 PM
Also, if you want to search all the logs from the command line you have this option:
admin@PA-200> show log data
+ action action
+ app app
+ category category
+ csv-output csv-output
+ direction direction
+ dport dport
+ dst dst
+ dstuser dstuser
+ end-time end-time
+ from from
+ query query
+ receive_time receive_time
+ rule rule
+ sport sport
+ src src
+ srcuser srcuser
+ start-time start-time
+ suppress-threatid-mapping suppress-threatid-mapping
+ to to
| Pipe through a command
<Enter> Finish input
admin@PA-200> show log data