traffic logs

L4 Transporter


Hi friends,

Today I have found some problem with network traffic logs in PAN OS 5.0.3. I am not getting proper logs of network traffic. Any suggestions?

Regards

Satish

L7 Applicator

Hello Satish,

Are you unable to see logs under Monitor > Traffic?

You may check with the CLI command mentioned below to confirm that the PAN firewall is generating traffic logs:

admin@31-PA-3020> debug log-receiver statistics

Example:

Logging statistics

------------------------------ -----------

Log incoming rate:             2/sec

Log written rate:              2/sec >>>>>>>>>>>>>>>>>>>>>

Corrupted packets:             0

Corrupted URL packets:         0

Logs discarded (queue full):   0

Traffic logs written:          504023

URL logs written:              2133

Wildfire logs written:         0

Anti-virus logs written:       0

Spyware logs written:          5009

Attack logs written:           0

Vulnerability logs written:    36

Fileext logs written:          69

URL cache age out count:       1826

URL cache full count:          0

URL cache key exist count:     0

Traffic alarms dropped due to sysd write failures: 0

Traffic alarms dropped due to global rate limiting: 0

Traffic alarms dropped due to each source rate limiting: 0

Traffic alarms generated count:  0 >>>>>>>>>>>>>>>>>>>>>>>>

Log Forward count:             0

Log Forward discarded (queue full) count: 0

Log Forward discarded (send error) count: 0

Summary Statistics:

Num current drop entries in trsum:0

Num cumulative drop entries in trsum:0

Num current drop entries in thsum:0

Num cumulative drop entries in thsum:0

External Forwarding stats:

      Type  Enqueue Count     Send Count     Drop Count    Queue Depth     Send Rate(last 1min)

    syslog         511369         511368              1              0                        0

      snmp              0              0              0              0                        0

     email              0              0              0              0                        0

       raw         511369         511369              0              0                        0

Thanks
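A health check over the `debug log-receiver statistics` output quoted above, as an added example that is not part of the original post. The sample text is constructed from a subset of the lines in that post, and the function names and finding messages are illustrative assumptions.

```python
import re

# Constructed sample: a subset of the output quoted in the post above.
SAMPLE = """\
Log incoming rate:             2/sec
Log written rate:              2/sec >>>>>>>>>>>>>>>>>>>>>
Corrupted packets:             0
Logs discarded (queue full):   0
Traffic logs written:          504023
Log Forward discarded (send error) count: 0
External Forwarding stats:
      Type  Enqueue Count     Send Count     Drop Count    Queue Depth     Send Rate(last 1min)
    syslog         511369         511368              1              0                        0
      snmp              0              0              0              0                        0
       raw         511369         511369              0              0                        0
"""

COUNTER = re.compile(r"^\s*(?P<name>[^:]+):\s*(?P<value>\d+)(?:/sec)?\s*$")
FORWARD = re.compile(r"^\s*(?P<type>syslog|snmp|email|raw)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_stats(text):
    """Split the output into named counters and per-type forwarding rows."""
    counters, forwarding = {}, {}
    for line in text.splitlines():
        line = line.split(">>")[0]  # drop the poster's ">>>>" highlight markers
        if m := FORWARD.match(line):
            enq, sent, drop, depth, rate = map(int, m.groups()[1:])
            forwarding[m["type"]] = {"enqueue": enq, "send": sent, "drop": drop,
                                     "depth": depth, "rate": rate}
        elif m := COUNTER.match(line):
            counters[m["name"].strip()] = int(m["value"])
    return counters, forwarding

def findings(counters, forwarding):
    """Return human-readable signs that logs are being lost or not written."""
    out = []
    if counters.get("Log incoming rate", 0) > counters.get("Log written rate", 0):
        out.append("logs arriving faster than they are written")
    for name, value in counters.items():
        if value and any(k in name for k in ("discarded", "Corrupted", "dropped")):
            out.append(f"{name}: {value}")
    for kind, row in forwarding.items():
        if row["drop"]:
            out.append(f"{kind} forwarding dropped {row['drop']} of {row['enqueue']} logs")
    if counters.get("Traffic logs written", 0) == 0:
        out.append("no traffic logs written; check policy log settings")
    return out
```

Run against the sample, the only finding is the single dropped syslog message; the write path itself keeps up with the incoming rate.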

L6 Presenter

Hi Satish,

Can you please give more details on "proper log"? Does it show any logs or no logs?

Regards,

Hardik Shah

L7 Applicator

What log settings are enabled in the security policy?

policy-logging.JPG

Thanks

L4 Transporter

Hi Hulk,

I have not tried with the CLI, but in the GUI I am not able to find out. If any log comes in the Monitor tab, it takes around a 20-30 minute gap.

L6 Presenter

Hi Satish,

Let's say you are browsing; then you are supposed to close the page in the browser, so the session is terminated and the firewall generates the log.

If not, it waits until session timeout and then generates the log.

Regards,

Hardik Shah

L7 Applicator

As Hardik said, you need to close the browser or connection to generate traffic logs (assuming that you have only enabled "log at session end" on the security policy). Otherwise, it will keep the session active until the default session timeout value.

Default timeout values are given below:

Session timeout

  TCP default timeout:                           3600 secs

  TCP session timeout before SYN-ACK received:      5 secs

  TCP session timeout before 3-way handshaking:    10 secs

  TCP session timeout after FIN/RST:               30 secs

  UDP default timeout:                             30 secs

  ICMP default timeout:                             6 secs

  other IP default timeout:                        30 secs

  Captive Portal session timeout:                  30 secs

  Session timeout in discard state:

    TCP: 90 secs, UDP: 60 secs, other IP protocols: 60 secs

Hope this helps.

Thanks

L4 Transporter

Thanks for the reply, dude... :)   _/\_
