search traffic logs by vsys in CLI

L1 Bithead

Does anyone know how to specify your traffic logs by vsys and add multiple search parameters of the same type like you can in the GUI? We are running PanOS 4.1.7. Notice that the app option does not show up anymore and there is no vsys option.

PA-1(active)> show log traffic action equal deny app not-equal not-applicable

+ csv-output     csv-output

+ direction      direction

+ dport          dport

+ dst            dst

+ dstuser        dstuser

+ end-time       end-time

+ from           from

+ query          query

+ receive_time   receive_time

+ rule           rule

+ sport          sport

+ src            src

+ srcuser        srcuser

+ start-time     start-time

+ to             to

  |              Pipe through a command

L6 Presenter

I can't find it either when looking through the CLI manual for PANOS 4.1.

It seems that only the alarm facility has the vsys option to filter on when doing show log:

> traffic — Displays traffic logs

+ action — Action equals or does not equal allow, deny, or drop

+ app — Equals or does not equal value

+ csv-output — Equals CSV output (no or yes)

+ direction — Backward or forward direction

+ dport — Destination port equals or does not equal (0-65535)

+ dst — Destination IP address in or not in (x.x.x.x/y or IPv6/netmask)

+ dstuser — Equals destination user name

+ end-time — Ending date and time YYYY/MM/DD@hh:mm:ss (e.g., 2011/08/01@10:00:00)

+ from — Equals or does not equal value

+ query — Equal to query value

+ receive_time — Receive time in the last specified time period (press <tab> for list)

+ rule — Equals or does not equal rule value

+ sport — Source port equals or does not equal (0-65535)

+ src — Source IP address in or not in (x.x.x.x/y or IPv6/netmask)

+ srcuser — Equals source user name

+ start-time — Starting date and time YYYY/MM/DD@hh:mm:ss (e.g., 2011/08/01@10:00:00)

+ to — Equals or does not equal value
