
traffic logs

L4 Transporter

Hi friends,

Today I have found some problem with network traffic logs in PAN-OS 5.0.3. I am not getting proper logs of network traffic. Any suggestions?

Regards

Satish

7 REPLIES

L7 Applicator

Hello Satish,

Are you unable to see logs under Monitor > Traffic?

You may check with the CLI command mentioned below to confirm that the PAN firewall is generating traffic logs:

admin@31-PA-3020> debug log-receiver statistics

Example:

Logging statistics
------------------------------ -----------
Log incoming rate:             2/sec
Log written rate:              2/sec >>>>>>>>>>>>>>>>>>>>>
Corrupted packets:             0
Corrupted URL packets:         0
Logs discarded (queue full):   0
Traffic logs written:          504023
URL logs written:              2133
Wildfire logs written:         0
Anti-virus logs written:       0
Spyware logs written:          5009
Attack logs written:           0
Vulnerability logs written:    36
Fileext logs written:          69
URL cache age out count:       1826
URL cache full count:          0
URL cache key exist count:     0
Traffic alarms dropped due to sysd write failures: 0
Traffic alarms dropped due to global rate limiting: 0
Traffic alarms dropped due to each source rate limiting: 0
Traffic alarms generated count:  0 >>>>>>>>>>>>>>>>>>>>>>>>
Log Forward count:             0
Log Forward discarded (queue full) count: 0
Log Forward discarded (send error) count: 0

Summary Statistics:
Num current drop entries in trsum:0
Num cumulative drop entries in trsum:0
Num current drop entries in thsum:0
Num cumulative drop entries in thsum:0

External Forwarding stats:
      Type  Enqueue Count     Send Count     Drop Count    Queue Depth     Send Rate(last 1min)
    syslog         511369         511368              1              0                        0
      snmp              0              0              0              0                        0
     email              0              0              0              0                        0
       raw         511369         511369              0              0                        0

Thanks
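Added example (not part of the reply above and not Palo Alto Networks code): a small Python parser for saved `debug log-receiver statistics` output that flags the counters a defender would check first when logs seem to be missing. The function names and the choice of which conditions to flag are assumptions; the sample text is constructed from the format quoted above.

```python
import re

# Constructed sample in the format of the output quoted above (trimmed).
SAMPLE = """\
Log incoming rate:             2/sec
Log written rate:              2/sec >>>>>>>>
Logs discarded (queue full):   0
Traffic logs written:          504023
Log Forward discarded (send error) count: 0
External Forwarding stats:
      Type  Enqueue Count     Send Count     Drop Count    Queue Depth     Send Rate(last 1min)
    syslog         511369         511368              1              0                        0
       raw         511369         511369              0              0                        0
"""

COUNTER = re.compile(r"^\s*([^:]+?):\s*(\d+)(?:/sec)?\s*$")
# Forwarding table row: type, enqueue, send, drop, queue depth, send rate.
FORWARD = re.compile(r"^\s*([a-z]+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_stats(text):
    """Split the output into {counter name: int} and {forward type: row dict}."""
    counters, forwarding = {}, {}
    for line in text.splitlines():
        line = line.split(">>")[0]  # drop ">>>>" highlight markers added by a poster
        if m := COUNTER.match(line):
            counters[m[1].strip()] = int(m[2])
        elif m := FORWARD.match(line):
            forwarding[m[1]] = dict(zip(("enqueued", "sent", "dropped", "queue"),
                                        map(int, m.group(2, 3, 4, 5))))
    return counters, forwarding

def findings(text):
    """Return a list of conditions worth a closer look (the checks are assumptions)."""
    counters, forwarding = parse_stats(text)
    out = []
    if counters.get("Traffic logs written", 0) == 0:
        out.append("no traffic logs written")
    if counters.get("Log written rate", 0) < counters.get("Log incoming rate", 0):
        out.append("written rate below incoming rate")
    for name, value in counters.items():
        if value and ("discarded" in name or "dropped" in name):
            out.append(f"{name}: {value}")
    for kind, row in forwarding.items():
        if row["dropped"]:
            out.append(f"{kind} forwarding dropped {row['dropped']} of {row['enqueued']}")
    return out

if __name__ == "__main__":
    print(findings(SAMPLE))
```

An empty result means the log receiver is writing what it receives, which points the investigation toward policy log settings or session lifetime rather than the logging pipeline.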

L6 Presenter

Hi Satish,

Can you please give more details on "proper log"? Does it show any logs or no logs?

Regards,

Hardik Shah

L7 Applicator

What log settings are enabled in the security-policy:

policy-logging.JPG

Thanks

Hi Hulk,

I have not tried with the CLI, but in the GUI I am not able to find out. If any log comes in the Monitor tab, it takes around a 20-30 minute gap.

Hi Satish,

Let's say you are browsing; then you are supposed to close the page in the browser. So the session is terminated and the firewall generates a log.

If not, it waits until the session timeout and then generates the log.

Regards,

Hardik Shah

As Hardik said, you need to close the browser or connection to generate traffic logs (assuming that you have only enabled "log at session end" on the security policy). Otherwise, it will keep the session active until the default session timeout value.

Default timeout values are given below:

Session timeout
  TCP default timeout:                           3600 secs
  TCP session timeout before SYN-ACK received:      5 secs
  TCP session timeout before 3-way handshaking:    10 secs
  TCP session timeout after FIN/RST:               30 secs
  UDP default timeout:                             30 secs
  ICMP default timeout:                             6 secs
  other IP default timeout:                        30 secs
  Captive Portal session timeout:                  30 secs
  Session timeout in discard state:
    TCP: 90 secs, UDP: 60 secs, other IP protocols: 60 secs

Hope this helps.

Thanks

Thanks for the reply, dude... _/\_
