This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Report on Last Calendar Day IPSEC users

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Report on Last Calendar Day IPSEC users

Go to solution
ShannonTurner
Not applicable

‎01-09-2015 06:59 AM

Hello

I am new to the Palo Alto firewall and community.  I really enjoy working with the PA-500's that I have.  What I am trying to figure out though, is how, if even possible, I could create a report showing the previous day's IPSEC users.  I am hoping that possibly someone who is more experienced will have some idea of how I could accomplish this.

Thank you in advance!

Labels:
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
bat
L5 Sessionator

‎01-09-2015 12:53 PM

shannonturner

In Monitor > Logs > Traffic you can give the timeframe as previous day using filter ( receive_time leq '2015/01/09 23:59:59' ) and ( receive_time geq '2015/01/09 00:00:00' ) and ( zone.src eq "GP-zone" )

Hope it helps !

View solution in original post

0 Likes Likes
9 REPLIES 9

Go to solution
Dz3015
L4 Transporter

‎01-09-2015 08:58 AM

I'm sure you can get this by creating a custom report in the reporting section.  I don't have Remote Access set up in my deployment but I'll take a quick look if I can give you an example for report settings.

You may just have to poke around to see what data is available to you.  The reporting section is pretty easy to figure out if you know what you are trying to do.

0 Likes Likes

Go to solution
bat
L5 Sessionator

‎01-09-2015 12:53 PM

shannonturner

In Monitor > Logs > Traffic you can give the timeframe as previous day using filter ( receive_time leq '2015/01/09 23:59:59' ) and ( receive_time geq '2015/01/09 00:00:00' ) and ( zone.src eq "GP-zone" )

Hope it helps !

0 Likes Likes

Go to solution
MSharma
L1 Bithead

‎01-09-2015 01:25 PM

HI Shannonturner,

Yes it is possible . We can generate a report for this .

If you are looking for Clients who got connected through Global protect. The only thing we want is a different zone for Global Protect users. If we have that , we can go to :

Monitor  --> Manage Custom Reports-->Add

Capturegp.JPG

In query builder, just create a query by selecting source zone  equal to the actual name of the zone as shown above. You can also specify the time frame like 24 hours and we have other options too.

Once all the fields are selected just click on Run Now.

Please try this and let us know if was helpful .

Go to solution
mmmccorkle
L4 Transporter

‎01-09-2015 01:49 PM

Are you using HIP profiles for your GP clients?

Perhaps we could create a custom report to show you the HIP matches for the past 24 hours and group by source user.

Example:

gpreport.png

We could also look through the system logs, under Monitor, for...

(subtype eq global protect)

Combine this with filtering the description for successful logins only, and you will get...

(subtype eq globalprotect)  and ( description contains 'Login from' )

Example:

system logs gp.jpggpsystem.jpg

0 Likes Likes

Go to solution
oklier
L3 Networker
In response to MSharma

‎01-09-2015 01:51 PM

Also be sure to add the Source User from the Available Column to the Selected Column and move it to the top, also group the report by 'Source User' and set the filter to 500.

Feel free to play with the options to tailor the report to your needs:

Also to schedule the report make user to check the box 'Scheduled', then create a email scheduler for the report.

Cheers!

0 Likes Likes

Go to solution
ShannonTurner
Not applicable
In response to bat

‎01-09-2015 01:54 PM

Thank you for assisting me with this.  It worked out just how I wanted.

0 Likes Likes

Go to solution
ShannonTurner
Not applicable
In response to MSharma

‎01-09-2015 01:54 PM

Thank you for the response!  This was helpful.

0 Likes Likes

Go to solution
ShannonTurner
Not applicable
In response to mmmccorkle

‎01-09-2015 01:57 PM

Thank you for the reply!

0 Likes Likes

Go to solution
ShannonTurner
Not applicable
In response to oklier

‎01-09-2015 01:57 PM

Thank you for your reply!

0 Likes Likes
  • 1 accepted solution
  • 4386 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks