06-22-2017 08:46 AM
I'm having a bit of trouble with the format for exporting traffic logs from Panorama for a particular user. I've set up the CLI command as below, but the resulting CSV file is empty.
scp export log traffic query "user.src equals <username>" ...
scp export log traffic query "username equals <username>" ...
I've also tried "equal" instead of "equals" but not having much luck. Does anyone know what the correct format should be to query the username?
Thanks,
Ash
06-22-2017 09:33 AM
You can format the query exactly how you would if you ran it on the GUI, so your query would actually be
scp export log traffic query equal " ( user.src eq 'domain\user' ) " ...
06-23-2017 01:17 AM
Thanks BPry, that's great to know and has worked.