I'm struggling a little with the documentation on how to generate useful reports.
If I look in the ACC or default reports I can see destinations but they are simply a mix of raw hostname and rdns lookups - they might show a lot of traffic to, say, a88-221-183-148.deploy.akamaitechnologies.com, but they won't show that traffic was actually people looking at http://news.bbc.co.uk.
How can I get a report that (for example) simply shows the top X sites (not individual pages) visited for the past X hours or days please?
Also I'm unclear what I need to enable in terms of logging to be able to do this - do I need to enable (as a minimum) alerting on all URLs for a URL profile assigned to a policy, or does the PAN log all this info somewhere by default?
Now some of our third-party partners' reporting tools can actually create reports based on the URL domain portion of the URL logs. I have attached an example from Sawmill.
We understood the need and I will recommend that you guys escalate your needs to our local sales and SE team, in order to make sure that we will be able to document your needs well, in detail and with justification.
The Sawmill example provided is still not enough:
As a reseller, I (and final customers too) don't care to know that Mister X goes to ad.yieldmanager.com, a248.e.akamai.net or imageserv01.yss4.com...
Palo Alto SEs tell us all the time that a next-gen FW can replace web proxies and that cache is not useful. This is true, but how can we argue that point if the FW is not even able to produce the most basic web report: Top Websites Visited (User, Domain, Bytes)?
I don't want to add a third-party tool, such as Sawmill, Splunk or whatever else, to have this very simple report.
What about PAN-OS 4.0 (or 4.1)? If not, is it on the roadmap? I searched the KnowledgePoint forum and a lot of users have the same question...
Thanks for Palo Alto's responses.
Certainly I understood your request and I had also heard similar requests somewhere else. For the roadmap and a formal request I will recommend that you reach out to your local PAN SE so that they can better escalate to us. For the time being, if you are using a 3rd-party reporting solution, that will be a good alternative.
Thanks for your answer Jones.
For sure, we will contact our local PAN SE and hope this part of reporting will be improved quickly.
About integrating with a 3rd party, I'm not sure it will solve the problem since the FW only logs websites by reverse DNS, as someone else already said earlier. Whatever the 3rd party, it will only be able to use data sent by the FW, won't it?