Is there a log filters quick reference?

Showing results for 
Search instead for 
Did you mean: 

Is there a log filters quick reference?

L1 Bithead

Is there a log filters quick reference?


L3 Networker

Are you refering to the GUI or command line?  In the GUI, you can click the "?" at the end of the search line and it will give you information about viewing logs.  Also in the GUI, you can click any of the clickable enties within a column and it will put that filter up in the search field for you.  It will always add the next filter as an "and", but if you want, you can change that "and" to "or" if that fits your intended query better.  As for the CLI, you can download the cli guide from the support.paloaltonetworks website for the version of PAN-OS you are running.  You can also just use the "?" on the CLI as well.  For example:

admin@PA-200> show session all filter ?

+ application         Application name

+ count               count number of sessions only

+ destination         destination IP address

+ destination-port    Destination port

+ destination-user    Destination user

+ egress-interface    egress interface

+ from                From zone

+ hw-interface        hardware interface

+ ingress-interface   ingress interface

+ min-kb              minimum KB of byte count

+ nat                 If session is NAT

+ nat-rule            NAT rule name

+ pbf-rule            Policy-Based-Forwarding rule name

+ protocol            IP protocol value

+ qos-class           QoS class

+ qos-node-id         QoS node-id value

+ qos-rule            QoS rule name

+ rematch             rematch sessions

+ rule                Security rule name

+ source              source IP address

+ source-port         Source port

+ source-user         Source user

+ ssl-decrypt         session is decrypted

+ start-at            Show next 1K sessions

+ state               flow state

+ to                  To zone

+ type                flow type

  |                   Pipe through a command

  <Enter>             Finish input

admin@PA-200> show session all filter

Hope this helps answer your question.  If not, please be more specific and I will try and get you the information you need.


Also, if you want to search all the logs from the command line you have this option:

admin@PA-200> show log data

+ action                      action

+ app                         app

+ category                    category

+ csv-output                  csv-output

+ direction                   direction

+ dport                       dport

+ dst                         dst

+ dstuser                     dstuser

+ end-time                    end-time

+ from                        from

+ query                       query

+ receive_time                receive_time

+ rule                        rule

+ sport                       sport

+ src                         src

+ srcuser                     srcuser

+ start-time                  start-time

+ suppress-threatid-mapping   suppress-threatid-mapping

+ to                          to

  |                           Pipe through a command

  <Enter>                     Finish input

admin@PA-200> show log data

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!