1.) I have just installed Palo Alto 7.1 in Eve-NG, and made two interfaces as Vwire with zone Trust and Untrust.
2.) I am able to access access everthing (e.g. internet, ping, etc.) hence policies are working fine as I have created a policy to allow everything from Trust to Untrust.
However I am not able to see any Traffic logs in the GUI it is blank.
Kindly see the below screenshot for your reference and let me know what's the reason please.
Thanks in advance.
This may sound obvious but make sure you are enabling the logging on the security policies your traffic is hitting. you can log at session start and or sesssion end.
Same issue, logs are not showing in GUI and as well as CLI but logs are being written.
admin@PA-VM> show log traffic
Time App From Src Port Source
Rule Action To Dst Port Destination
Src User Dst User End Reason
admin@PA-VM> debug log-receiver statistics
Log incoming rate: 1/sec
Log written rate: 1/sec
Corrupted packets: 0
Corrupted URL packets: 0
Corrupted HTTP HDR packets: 0
Corrupted HTTP HDR Insert packets: 0
Corrupted EMAIL HDR packets: 0
Logs discarded (queue full): 0
Traffic logs written: 120
Yes the VM needs to be licensed,
but you can still see some logs over
Policies>security> "click on your rule" > usage
Or- from CLI
> show session all
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!