- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-09-2015 06:59 AM
Hello
I am new to the Palo Alto firewall and community. I really enjoy working with the PA-500's that I have. What I am trying to figure out though, is how, if even possible, I could create a report showing the previous day's IPSEC users. I am hoping that possibly someone who is more experienced will have some idea of how I could accomplish this.
Thank you in advance!
01-09-2015 12:53 PM
In Monitor > Logs > Traffic you can give the timeframe as previous day using filter ( receive_time leq '2015/01/09 23:59:59' ) and ( receive_time geq '2015/01/09 00:00:00' ) and ( zone.src eq "GP-zone" )
Hope it helps !
01-09-2015 08:58 AM
I'm sure you can get this by creating a custom report in the reporting section. I don't have Remote Access set up in my deployment but I'll take a quick look if I can give you an example for report settings.
You may just have to poke around to see what data is available to you. The reporting section is pretty easy to figure out if you know what you are trying to do.
01-09-2015 12:53 PM
In Monitor > Logs > Traffic you can give the timeframe as previous day using filter ( receive_time leq '2015/01/09 23:59:59' ) and ( receive_time geq '2015/01/09 00:00:00' ) and ( zone.src eq "GP-zone" )
Hope it helps !
01-09-2015 01:25 PM
HI Shannonturner,
Yes it is possible . We can generate a report for this .
If you are looking for Clients who got connected through Global protect. The only thing we want is a different zone for Global Protect users. If we have that , we can go to :
Monitor --> Manage Custom Reports-->Add
In query builder, just create a query by selecting source zone equal to the actual name of the zone as shown above. You can also specify the time frame like 24 hours and we have other options too.
Once all the fields are selected just click on Run Now.
Please try this and let us know if was helpful .
01-09-2015 01:49 PM
Are you using HIP profiles for your GP clients?
Perhaps we could create a custom report to show you the HIP matches for the past 24 hours and group by source user.
Example:
We could also look through the system logs, under Monitor, for...
(subtype eq global protect)
Combine this with filtering the description for successful logins only, and you will get...
(subtype eq globalprotect) and ( description contains 'Login from' )
Example:
01-09-2015 01:51 PM
Also be sure to add the Source User from the Available Column to the Selected Column and move it to the top, also group the report by 'Source User' and set the filter to 500.
Feel free to play with the options to tailor the report to your needs:
Also to schedule the report make user to check the box 'Scheduled', then create a email scheduler for the report.
Cheers!
01-09-2015 01:54 PM
Thank you for assisting me with this. It worked out just how I wanted.
01-09-2015 01:54 PM
Thank you for the response! This was helpful.
01-09-2015 01:57 PM
Thank you for the reply!
01-09-2015 01:57 PM
Thank you for your reply!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!