User ID Agent

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

User ID Agent

L1 Bithead

Where the userid agent save log file ?

 

We want to start audit when User ID update task failed on PA

Is there a possibility to move the logs of userid to the siem / syslog server 

1 accepted solution

Accepted Solutions

The default location would be C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\UaDebug.log

View solution in original post

3 REPLIES 3

Cyber Elite
Cyber Elite

@IgorZhukovsky,

less mp-log useridd.log (Logs for the userid process) 

less mp-global userinfo.xml (Current Recorded Users) 

you command is from Paloalto fw

I need to forward user id agent server logs to syslog 

we want to troubleshoot logs that no forward to user id agent > to SYSLOG/ OR QRADAR 

we have 16 DC that forwarding security logs to user id agent server and we have problems

 

The default location would be C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\UaDebug.log

  • 1 accepted solution
  • 3880 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!